A dangerous flaw in Internet Explorer has prompted Microsoft to issue an emergency out-of-band security update.
In an advisory posted last Thursday, Microsoft informed the public about a newly detected security vulnerability in Internet Explorer. Here, they warned that the vulnerability affects all versions of Windows – from Windows 7 to 11, including 8.1 and Vista.
According to the company, the vulnerability was already exploited and is rated as critical on client operating system and moderate on all server operating system.
The advisory explains that the CVE-2105-2502 has the potential to hi-jack control of your computer via Internet Explorer. They also warned users that vulnerable computers can be exploited by simply visiting maliciously-crafted websites.
Attempts would be made to redirect potential victims to booby trapped websites by tricking them into opening an unsolicited email attachment or by using spammed out links.
Once the computer has been compromised, it may grant the attacker administrator level privileges on the target device. This kind of vulnerability may allow attackers to see personal information. The good news is, they won’t be able to choose what they see.
If the user has administrative capabilities, the attacker would be able to take complete control over their device and do certain things such as install a program or modify a file. Attackers can do the same thing even if users do not have administrative privileges, but may be slightly better off.
Microsoft’s new browser, Edge, is not listed on the page and is not at risk through the vulnerability. However, since it also ships with a copy of Internet Explorer 11 installed, they included it in the update as well.
Microsoft urged Windows users to update their machines as soon as possible to protect their devices from security vulnerabilities affecting Internet Explorer.
For those that have an automatic updating turned on, Microsoft is delivering the update via its automatic Windows Update. For others, these patches are already available via Microsoft’s Download Center.