The December cumulative security update for Internet Explorer 6, 7, 8, 9, 10, and 11 is available on Windows Update. It repairs seven potentially dangerous places, which were, however, reported in time before their public discovery. The most serious vulnerabilities relate to remote code execution if a user visits an attacker’s website. The user can then gain the same rights as the user.
Users with UAC (User Account Control) enabled are better protected against attacks. The update is on Windows Update, so you don't need to take any special action if you have automatic updates enabled. Otherwise, I recommend deploying this update as soon as possible, because the most vulnerable systems are in the time between the disclosure of the vulnerability and the installation of the security update.
The update is rated critical for Windows Client and Recommended for Windows Server.
An update to Adobe Flash Player for Internet Explorer 10 and 11 for Windows 8 and 8.1 and Windows Server 2012 and 2012 R2 has also been released and is rated as critical.
For more information, see MS13-097 and APSB13-28.
I wrote the article for TechNet Blog CZ/SK.