MS09-034 - Critical: Cumulative Security Update for Internet Explorer (972260)

This isn't the first time that Microsoft has released an out-of-band patch for Internet Explorer, but they are certainly pretty rare. I'd patch for this one as soon as reasonably possible.

MS09-034 - Critical: Cumulative Security Update for Internet Explorer (972260): "Bulletin Severity Rating:Critical - This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035. This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

(Via Microsoft Security Bulletins.)