Microsoft has recently released an out-of-band security patch for Internet Explorer urging users to install it as soon as possible.
The company has released an advisory stating that a security flaw has been discovered in Internet Explorer 9, 10 and 11 versions where a user can be furtively infected just by visiting a malicious web site or by clicking a link in the mail. Once the attacker exploits the vulnerability, he/she can take control of the affected system.
Microsoft noted that an attacker could install apps, view change or delete data and even create new user accounts with administrative privileges. All supported Windows versions are affected including Windows 7, 8.1, 10 along with several Windows Server editions.
Most users can install the patch using Windows Update, or download the patch manually from this page. The company has also released a fix for its built-in malware app Windows Defender that can also be exploited by this vulnerability which can result in DOS conditions resulting in app failing to start.
Even though “only” 8% of all browser users still use Internet Explorer, this still means that around 100 million machines can be affected by this bug. This vulnerability was discovered and reported by Clement Lecigne of Google’s Threat Analysis Group.