Microsoft has warned consumers that a vulnerability in its Internet Explorer browser could let hackers gain access and user rights to their computer.The flaw affects Internet Explorer (IE) versions 6 to 11 and Microsoft said it was aware of “limited, targeted attacks” to exploit it.
According to NetMarket Share, the IE versions account for more than 50% of global browser market.
Microsoft says it is investigating the flaw and will take “appropriate” steps.
The firm, which issued a security advisory over the weekend, said the steps “may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs”.
‘Complete control’
Microsoft said that hackers looking to exploit the flaw could host a “specially crafted website” containing content that can help them do so.
However, they would still need to convince users to view the website for them to be able to gain access to their computer.
They could do this by getting them to click on a link sent via an email or instant messenger, or by opening an attachment sent through an email.
However, a hacker would have “no way to force users” to view the content.
If successful, a hacker could gain the same rights as the computer’s current user.
“If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system,” the firm warned.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
But the firm added that Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode, which “mitigates this vulnerability”.
