Microsoft has found a security flaw in its popular web browser — Internet Explorer — which could allow hackers to gain control of a computer, and there have already been targeted attacks to exploit the bug.
The risk from the flaw could allow hackers to gain control of a victim’s computer and Microsoft admitted there had already been “limited, targeted attacks” to exploit it.
Microsoft said the bug affects Internet Explorer (IE) versions 6 to 11 and that the firm is investigating the flaw and will take “appropriate” steps, the ‘BBC News’ reported.
The US software giant, which issued a security advisory over the weekend, said the steps “may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs“.
The issue may be of special concern to people still using the Windows XP operating system because Microsoft ended its official support for that system earlier this month.
“The vulnerability crashes Internet Explorer on Windows XP,” said Cyber security firm Symantec that carried out tests to confirmed the risk.
According to Microsoft, hackers looking to exploit the flaw could host a “specially crafted website” containing content that can help them do so, the report said.
They could trap users into clicking on a link sent via an email or instant messenger, or by opening an attachment sent through an email.
In case they are successful, hackers could gain the same rights as the computer’s current user.
“If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system,” Microsoft warned.
“An attacker could then install programmes; view, change, or delete data; or create new accounts with full user rights,” the firm said.
The IE versions account for more than 50 per cent of global browser market, according to NetMarket Share.
Earlier this month, the Heartbleed bug, had set alarm bells ringing across the globe, including in India, for fear of exposing millions of passwords, credit card numbers and other sensitive information to hackers.