Still Using Internet Explorer? Patch Windows Now
Microsoft quietly pushed out an out-of-band (read: emergency) update to Internet Explorer today to thwart attacks that could let malicious websites install malware on Windows PCs.
"An attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email," a Microsoft security advisory said.
"If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability ... could then install programs; view, change, or delete data; or create new accounts with full user rights."
To make sure you're protected, run Windows Update. The vulnerability officially affects Internet Explorer 9, 10 and 11 on Windows 7, 8.1, 10 and supported server versions. If you're running older versions of IE, or older versions of Windows, it's time to upgrade.
Microsoft gave Google's Clement Lecigne credit for discovering the bug. Bleeping Computer reported that Google's Threat Analysis Group, for which Lecigne apparently works, had seen "the vulnerability being used in targeted attacks," but Microsoft didn't say anything about that in its security advisory or its associated support page.
Whether this vulnerability is being actively exploited or not, it certainly will be once malware writers dissect the Microsoft update, figure out how to attack the flaw and add working malware into browser exploit kits. That will likely all be done within 24 hours, so patch your Windows system now -- or just avoid using Internet Explorer.