Full explanation below:
Make sure you get Updates to Adobe Flash and Java regularly.
It's official: Older versions of IE are now at risk
Of the 13 vulnerabilities patched by MS16-009, nine affected every version of IE that is still supported, including IE9 on Windows Vista and IE10 on Windows Server 2012. Because different versions of Microsoft's browser share large amounts of code -- that was one of the primary reasons the Redmond, Wash. company has dead-ended IE and started over with Edge -- it's almost certain that the nine vulnerabilities also exist in IE7 and IE8, and in IE9 and IE10 on Windows editions ineligible for patching.
In other words, more than two-thirds of the vulnerabilities patched by Microsoft on Tuesday probably exist in the retired IE versions.
XP and IE can still be updated using the POS or WEPOS update hack.