large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

A major Internet Explorer security flaw might not be fixed for a few weeks

A significant security flaw in Internet Explorer − remember it? − is currently being exploited by hackers, but Microsoft is dragging its feet to fix it.

The issue was reported by US-CERT on Saturday morning, and the vulnerability seems to be related to an issue with the memory in the browser’s scripting engine.

Hackers can reportedly take advantage of the issue to trick Internet Explorer users into opening HTML-formatted web pages and email attachments, PDF files and Microsoft Office documents hiding malicious code.

Related: Best antivirus

“Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript”, the report explains.

“The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.”

The organisation also revealed that the vulnerability has been “detected in exploits in the wild” − which means hackers are already taking advantage of the bug.

According to TechCrunch, Microsoft is aware of targeted attacks and is working on releasing a fix. Unfortunately, the patch likely won’t arrive until the browser’s next round of monthly security fixes due − that’s February 11.

2020 has already been a rough year for Microsoft’s security department.

First, Microsoft ended support for Windows 7, which wouldn’t be an issue here if this new security flaw didn’t affect PCs running Windows 7 (it does). Any users still putting off upgrading to Windows 10 might want to make the jump now if they want to get their hands on the February patch.

Related: Best VPNs for security and privacy

Then, just hours after Microsoft cut support for Windows 7, a major Windows 10 vulnerability raised its head. This one so serious, that the NSA got involved.

While the latter issue has since been patched, it nevertheless marked a rocky start to the year for Microsoft and loyal Windows users alike.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.