A significant security flaw in Internet Explorer − remember it? − is currently being exploited by hackers, but Microsoft is dragging its feet to fix it.
The issue was reported by US-CERT on Saturday morning, and the vulnerability seems to be related to an issue with the memory in the browser’s scripting engine.
Hackers can reportedly take advantage of the issue to trick Internet Explorer users into opening HTML-formatted web pages and email attachments, PDF files and Microsoft Office documents hiding malicious code.
Related: Best antivirus
“Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript”, the report explains.
“The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.”
The organisation also revealed that the vulnerability has been “detected in exploits in the wild” − which means hackers are already taking advantage of the bug.
According to TechCrunch, Microsoft is aware of targeted attacks and is working on releasing a fix. Unfortunately, the patch likely won’t arrive until the browser’s next round of monthly security fixes due − that’s February 11.
2020 has already been a rough year for Microsoft’s security department.
First, Microsoft ended support for Windows 7, which wouldn’t be an issue here if this new security flaw didn’t affect PCs running Windows 7 (it does). Any users still putting off upgrading to Windows 10 might want to make the jump now if they want to get their hands on the February patch.
Related: Best VPNs for security and privacy
Then, just hours after Microsoft cut support for Windows 7, a major Windows 10 vulnerability raised its head. This one so serious, that the NSA got involved.
While the latter issue has since been patched, it nevertheless marked a rocky start to the year for Microsoft and loyal Windows users alike.