Microsoft has warned that its web browser has been hit by a critical vulnerability which could allow an attacker to gain control of IE users’ PCs.
Microsoft updated its Security Advisory 2757760 yesterday, with further details of the flaw entitled: “Vulnerability in Internet Explorer Could Allow Remote Code Execution.”
The potential exploit can be leveraged on Internet Explorer 6, 7, 8 and 9, but those using Internet Explorer 10 aren’t affected.
The vulnerability can corrupt memory in such a manner that allows an attacker to execute code within IE. Microsoft notes that a malware peddler could craft a website designed to exploit this weakness, and any surfer lured there would be infected.
For the moment, security experts are advising those who use Internet Explorer to switch to another browser until a patch is applied to IE.
Yesterday, Microsoft promised that it would release a patch in the next “few days” to deal with this issue, so the fix should definitely be here before the end of the week, and most likely tomorrow given the severity of this issue.
Microsoft describes the incoming fix as a “one-click” easy to use patch which will provide full protection, and won’t necessitate a reboot.
Microsoft wrote: “While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online.”