Microsoft has announced a critical security update for Internet Explorer to fix a vulnerability affecting versions 6 through 11. Microsoft's alert notes that customers who have automatic updating enabled will not need to take any action because this security update will be downloaded and installed automatically.
- ISG recommends that you utilize another browser until you receive the IE update.
- If may also receive specifically directed messages relative to certain programs (such as Kronos) directing you to use a different browser.
- If you are on a remaining XP machine, you may not receive the automatic update, and should manually update your IE version before continuing to use it.
For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871. For Customers who do not have automatic updating enabled, the steps in Turn automatic updating on or off can be used to enable automatic updating.
For administrators and enterprise installations, or end users who want to install this security update manually (including customers who have not enabled automatic updating), Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. The updates are also available via the download links in the Affected Software table later in this bulletin.
See the Microsoft Security Bulletin MS14-021 - Critical for full details.