Microsoft said in an advisory that a remote code execution vulnerability exists in some versions of Internet Explorer. Users could be unknowingly infected. The advisory reads in part “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”
All currently supported versions of Windows are affected by this flaw. This includes not just Windows 7, Windows 8 and Windows 10, but several Windows Server versions. Most users are able to just install the patches using Windows Update.
Microsoft normally releases security fixes the second week of each month on “Patch Tuesday“. The company however does publish patches for actively exploited vulnerabilities as soon as they are available.
While details of the flaw have not been publicly revealed Microsoft said the vulnerability is under active exploitation. The U.S. Department of Homeland Security also published its own warning to affected users urging them to install these patches.
Header Image by Juankbrera