The April cumulative security update for Internet Explorer 6, 7, 8, 9, and 11 is available on Windows Update. Fixes 6 potentially dangerous bugs that were reported early before they were publicly revealed. The most serious vulnerabilities relate to remote code execution if a user visits an attacker’s website. The user can then gain the same rights as the user. It also includes a new compatibility mode.
Users with UAC (User Account Control) enabled are better protected against attacks. The update is on Windows Update, so you don't need to take any special action if you have automatic updates enabled. Otherwise, I recommend deploying this update as soon as possible, because the most vulnerable systems are in the time between the disclosure of the vulnerability and the installation of the security update.
The update is rated critical for Windows Client and Critical for Windows Server. Internet Explorer 10 is not affected. This is also the last update for Internet Explorer 6, which has been with us for 12 long years.
Versions 11.0.5 and 11.0.6 were skipped and never released. This has to do with the heavier weight of this update. It introduces the Enterprise Network Mode feature, which is a compatible mode for applications written for IE 7 and 8. It is turned on through Group Policies.
An update to Adobe Flash Player for Internet Explorer has also been released, which is rated as critical.
For more information, see MS14-018 and APSB14-09.
I wrote the article for TechNet Blog CZ/SK.