Microsoft flags Internet Explorer vulnerability

Internet Explorer

Software giant Microsoft has warned that almost all versions of its Internet Explorer web browser software contain a bug that could result in users' systems being compromised.

The flaw is reported to affect Internet Explorer versions 7, 8 and 9, but not the latest incarnation - Internet Explorer 10.

The company has urged users to install security software to protect their computers against the zero-day flaw.

"We're aware of targeted attacks potentially affecting some versions of Internet Explorer," Microsoft said in a statement.

The vulnerability can be exploited on computers running Windows XP, Vista and Windows 7, according to the security company Rapid7.

The flaw may come from the same place as the recently discovered Java 7 zero-day exploit, as it is run on the same server, said Rapid 7.

The bug was discovered by Eric Romang, a security researcher in Luxembourg.

The remote code execution vulnerability affects the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated.

The vulnerability may also corrupt memory in a way that could allow an attacker to execute arbitrary code within Internet Explorer.

"Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user," said Rapid7 in a blog post.

"Since Microsoft has not released a patch for this vulnerability yet, internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available."

Microsoft has deploy a free Enhanced Mitigation Experience Toolkit, EMET, as a safeguard for Internet Explorer users.

"Deploying EMET will help to prevent a malicious website from successfully exploiting the issue described in Security Advisory 2757760. EMET in action is unobtrusive and should not affect customers' web browsing experience," it said.

The German government's Federal Office for Information Security said in a statement that the browser's "weak point" is already being used for targeted attacks.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.