Microsoft has discovered a new vulnerability in its Internet Explorer browser that could allow hackers to take control over unprotected PCs. The new bug, which was discovered in all versions of the browser, exposes Explorer’s memory management system. If exploited, the vulnerability could allow hackers and cybercriminals to inject their own malicious code into a given computer and seize control of it. Microsoft says the code required to exploit the hole has already been published, but it appears that no high-tech criminals are currently using it.
Microsoft had previously issued browser updates to improve memory management and security, but researchers discovered that the updated systems are not always used when older parts of Windows are used. In a statement, the company said it was “investigating” the bug, and recommended that customers use the Enhanced Mitigation Experience Toolkit to protect themselves until a permanent fix is installed.
“As vulnerabilities go, this kind is the most serious as it allows remote execution of code,” said Rik Ferguson, a senior security analyst at Trend Micro. “This means the attacker can run programs, such as malware, directly on the victim’s computer.” Ferguson added that the recently discovered bug was “highly reminiscent” of a vulnerability that, two years ago, prompted several national governments to warn consumers against using the browser.