Today, we released MS11-050, a cumulative security update for Internet Explorer to address several vulnerabilities in IE9.

The following table lists the CVEs included in MS11-050, and whether each affects IE8 or IE9.

CVE Rating IE8 IE9
CVE-2011-1246 Moderate Yes No
CVE-2011-1258 Moderate Yes No
CVE-2011-1252 Important Yes No
CVE-2011-1256 Important Yes No
CVE-2011-1255 Critical Yes No
CVE-2011-1254 Critical Yes No
CVE-2011-1251 Critical Yes No
CVE-2011-1250 Critical Yes Yes
CVE-2011-1260 Critical Yes Yes
CVE-2011-1261 Critical Yes Yes
CVE-2011-1262 Critical Yes Yes

As shown above, only a minor fraction of vulnerabilities affecting IE8 (and earlier versions of the browser) would still affect IE9. This is due to various factors related to security work that happened in IE8, ranging from deprecating obsolete features, to improving fuzzing tests in IE9 and so on. For example, CVE-2011-1255 is related to HTML+TIME, which was deprecated in IE9 development.

There are many beautiful things in IE9. Besides all these wonderful new features, we would also recommend you to update to IE9 if you can for security. :)

Chengyun Chu, MSRC Engineering