A few days ago, Microsoft announced it would offer a "critical" update for Internet Explorer 9 that fell outside the normal patches for the web browser. On Tuesday, as part of its "Patch Tuesday" update for many of its software products, Microsoft also released its patch for IE 9.
This patch brings the official version number for IE 9 up to 9.0.8. In a post on the official IE developer blog, Microsoft states:
This security update resolves two privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More details of the critical update can be read in Microsoft"s official security bulletin. The company adds that it was giving information about these IE 9 exploits privately and that there is no evidence at the moment that this issue is known more widely or that it is being used by any hackers.
Source: Official IE blog