The September cumulative security update for Internet Explorer 9 is available on Windows Update. It fixes one publicly known vulnerability and four other vulnerabilities that were reported in time before they were publicly disclosed. All fixes are related to remote code execution when a user visits an attacker’s Web page. The user can then gain the same rights as the user.
Users with UAC (User Account Control) enabled are better protected against attacks. The update is on Windows Update, so you don't need to take any special action if you have automatic updates enabled. Otherwise, I recommend deploying this update as soon as possible, because the most vulnerable systems are in the time between the disclosure of the vulnerability and the installation of the security update.
The update is rated Critical for Internet Explorer 6, 7, 8, and 9 on Windows client and Recommended for Internet Explorer 6, 7, 8, and 9 on Windows Server. Internet Explorer 10 is not affected by the vulnerabilities.
A security update for Adobe Flash Player for Internet Explorer 10 on Windows 8 and Windows Server 2012 has also been released.