Severity Rating: Critical
Revision Note: V2.0 (January 13, 2015): To address issues with Security Update 3008923, Microsoft re-released MS14-080 to comprehensively address CVE-2014-6363. In addition to installing update 3008923, customers running Internet Explorer 10 on Windows 8, Windows Server 2012, or Window RT should also install update 3029449, which has been added with this rerelease. Customers who have already successfully installed the 3008923 update, which has not changed since its original release, do not need to reinstall it. See Microsoft Knowledge Base Article 3008923 for more information.
Summary: This security update resolves fourteen privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

More...