Microsoft is scrambling to fix a newly found bug in Internet Explorer, which leaves all versions of the browser open to potential attacks.
Hackers have already used the flaw to launch “limited, targeted attacks,” Microsoft said in a “security advisory” on Saturday.
As with many attacks, hackers can start with methods like convincing users to click on fake websites, Microsoft explained. From there, the glitch could allow attackers to run malicious software on the user’s computer — and even gain the same level of access to the computer as the real user.
It’s a serious flaw, and a widespread one: Internet Explorer comprised almost 58 percent of all desktop browsers in March, according to analytics company Net Applications.
Even the Department of Homeland Security weighed in with an advisory on Monday, calling on users to run alternative web browsers until Microsoft is able to fix the problem.
The Internet Explorer issue affects the browser’s versions 6 through 11, Microsoft said in its post. Microsoft’s response came one day after security company FireEye revealed the flaw in a post on its own site on Friday.
FireEye said attackers are focusing mostly on newer browsers: Internet Explorer versions 9 through 11, which make up about a quarter of all browsers. FireEye dubbed the attacks “Operation Clandestine Fox” and called the flaw “significant.”
Microsoft is still investigating the issue, and the company said it may fix the problem through either a scheduled or off-cycle security update.
Until then, Microsoft wrote in a separate blog post, the company recommends typical protection steps like installing anti-virus software and being cautious when visiting websites. Microsoft also suggested using Internet Explorer in “enhanced protected mode” and downloading a “toolkit” to help guard against attacks.
FireEye recommended that users disable Adobe Flash, saying “the attack will not work” in that case.
Those steps could help protect users of newer Windows versions until Microsoft releases a fix. But the glitch is a sobering reminder that no help is coming for users of Windows XP, as Microsoft dropped support of that operating system earlier this month.