KB5033376 for Internet Explorer

KB5033376 is the cumulative update for Internet Explorer. It was released on 12 December 2023 as part of the ‘Patch Tuesday’ project.

Salient points

  • KB5033376 is for Internet Explorer 11 and Internet Explorer 9.
  • This security update addresses a CRITICAL vulnerability CVE-2023-35628. The vulnerability exists in the Windows MSHTML platform. It could lead to ‘Remote Code Execution’ attacks on the target systems.
  • KB5033376 is an Extended Security Update. You will need a valid ESU license key to access and install the security updates for Internet Explorer 11 and Internet Explorer 9
  • Upon installation of KB5033376, the system will require a reboot.

KB5033376 has been released for Internet Explorer 11 on the following server platforms:

  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2 SP1

For Internet Explorer 9, the security update is available for:

  • Windows Server 2008 SP2

KB5033376 is included in the following monthly rollup updates:

  • KB5033420 Monthly Rollup update for Windows Server 2012 R2
  • KB5033429 Monthly Rollup update for Windows Server 2012
  • KB5033433 Monthly Rollup update for Windows Server 2008 R2 for x64 systems Service Pack 1
  • KB5033424 Security Update for Windows Server 2008 R2 for x64 systems Service Pack 1

You could deploy any of these updates to get full security coverage for Internet Explorer 11 on these servers.

Download KB5033376

Before getting the KB5033376 update, you will need to ensure you have a valid extended secrurity update (ESU) license. Once you have the ESU licensing, you can use automated or manual methods to apply KB5033376 for Internet Explorer.

You can use automated methods to install KB5033376:

  • Windows Update for Business
  • WSUS or Windows Server Update Service

You can download the offline installer file for KB5033376 for the various platforms from the direct download links below.

Download KB5033376 for Internet Explorer 11

Download KB5033376 for Internet Explorer 9

Vulnerability

KB5033376 targets and resolves a security vulnerability CVE-2023-35628. The vulnerability could lead to ‘Remote Code Execution’ threats on the target systems.

It is a CVSS 8.1 vulnerability with a ‘CRITICAL’ severity.

The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client. This could lead to exploitation BEFORE the email is viewed in the Preview Pane.

December 2023 Cumulative or Security Updates

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.