The April cumulative security update for Internet Explorer 6, 7, 8, 9, and 10 is available on Windows Update. It fixes two vulnerabilities that were reported in time before they were publicly revealed. The most serious vulnerabilities relate to remote code execution if a user visits an attacker’s website. The user can then gain the same rights as the user.
Users with UAC (User Account Control) enabled are better protected against attacks. The update is on Windows Update, so you don't need to take any special action if you have automatic updates enabled. Otherwise, I recommend deploying this update as soon as possible, because the most vulnerable systems are in the time between the disclosure of the vulnerability and the installation of the security update.
The update is rated critical for Windows Client and Recommended for Windows Server.
An update to Adobe Flash Player in Internet Explorer 10 for Windows 8 and Windows RT has also been released, which is also rated as critical.
Although the main purpose of the update is to improve security, it also contains minor functionality fixes. Tracking Protection lists are updated more reliably. Fixed a bug where the browser sometimes generated incorrect native code in a JavaScript loop, causing a JavaScript runtime error. For some pinned sites on the Start screen, the tile image isn't recognized. And several bugs related to DOM page styling via CSS have also been fixed.
For more information, see Security Bulletin MS13-028 and the KB2817183 and KB2833510 Support articles.
I wrote the article for TechNet Blog CZ/SK.