Microsoft has issued an emergency update to patch a critical vulnerability that affects all supported versions of Internet Explorer. If you haven’t already installed the fix, it’s recommended that you do so ASAP as hackers are said to be actively exploiting it. Here’s everything you need to know.
Security bulletin MS15-093 pertains to a remote code execution flaw found in found in all supported versions of Internet Explorer (IE7 and newer; Microsoft’s Edge browser for Windows 10 isn’t at risk) including 32- and 64-bit variants.
Specifically, the vulnerability deals with improperly accessing objects in memory which could subsequently corrupt memory in a manner that allows an attacker to run code remotely. Said hacker could also gain the same user rights as the current user. As such, those with full admin rights are at a greater risk than users with restricted access.
Microsoft says an Internet Explorer user visiting a specially crafted website designed to exploit the flaw could become victimized. What’s more, attackers don’t need their own site as the bug can be exploited over ad networks used on legitimate sites. Getting users to a compromised or crafted page is actually easier than it sounds as a phishing attempt via e-mail would certainly do the trick.
Again, Microsoft notes that the vulnerability is being actively exploited although it didn’t provide any further details on the matter. Users can grab the patch via Windows Update or obtain the standalone fix via the Microsoft Download Center.