Microsoft announced a vulnerability in Internet Explorer that could allow remote code execution. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. For more information, please read the Microsoft® Security Advisory article, "Vulnerability in Internet Explorer Could Allow Remote Code Execution" (2963983) at the link below:
Microsoft has released a security update that addresses this issue and the update is being distributed via Windows Update. For more information, please read "Microsoft® Security Bulletin MS14-021 - Critical" at the link below:
Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871. For customers who do not have automatic updating enabled, the steps in Turn automatic updating on or off can be used to enable automatic updating.
For customers who wish to manually download and install the update themselves, please refer to the link below which provides links to download the appropriate security update based on your version of Windows OS and Internet Explorer:
[For customers using Windows XP and older versions of the Windows OS]
Unsupported versions of Windows no longer receive software updates from Windows Update. However, for this security update, customers using certain versions of Windows XP will receive the update via Windows Update. They can also choose to manually download and install the security update from Microsoft. For more information regarding supported Windows OS and affected versions of Internet Explorer, please refer to the link below to see the list of supported versions:
Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11