Microsoft pushes Emergency Patch for Zero-Day Internet Explorer Flaw

It's time to immediately patch your Internet Explorer – Once again!

Microsoft has issued an emergency out-of-band patch for all supported versions of Internet Explorer browser, to fix a critical security flaw that hackers are actively exploiting to hijack control of targeted computers.

The Zero-Day flaw (assigned CVE-2015-2502) is a Remote Code Execution vulnerability that could be exploited when a user visits a booby-trapped website or open a malicious email on an affected machine.

The security bug actually resides in the way Internet Explorer handles objects in memory. If successfully exploited, a hacker could gain the same user privileges as the current user.

Therefore, users running administrator accounts on their machines as well as systems where IE is frequently used, like workstations or terminal servers, are particularly at the most risk from this vulnerability.

"An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft officials wrote in an advisory posted Tuesday. An attacker could then:

In simple words, this zero-day vulnerability could allow an attacker to take over the affected Windows machine. According to the company, the flaw has been publicly exploited.

The zero-day flaw affects all supported versions of Microsoft's Internet Explorer, from IE7 to IE 11 which runs on the recently released Windows 10. However, Microsoft's new Edge browser is not affected.

The vulnerability gains Microsoft's top severity of 'Critical' for all desktop versions of Windows. The company credited its security engineer Clement Lecigne to report the bug.

Users and administrators are advised to install the update as soon as possible. Windows users may also find some protection mechanism using the Enhanced Mitigation Experience Toolkit (EMET) that helps prevent vulnerabilities in software from being successfully exploited.