Microsoft has released an “out-of-band” patch to address a critical vulnerability in all versions of Internet Explorer on all flavours of currently supported Windows operating systems.
According to Microsoft, the patch fixes a remote-code execution flaw that could allow hackers to gain access to the affected system with the same level of privileges as the user. The vulnerability is to do with improper memory access and attackers can corrupt memory in a way that allows them to execute code with the current user’s privileges. If the user happens to be an administrator, attackers can gain complete unrestricted access of the computer.
As per the information provided in the security bulletin, the “Critical” vulnerability is present in Internet Explorer versions 7 through 11 on Windows 7, 8, 8.1, 10, and Vista. Windows Server operating systems are also affected – WS 2008, 2012, 2012 R2 and the Windows Server Technical Preview, but considering that the browser runs in a “Enhanced Security Configuration” that should mitigate the effects of this problem.
Microsoft has noted that its Edge browser that ships with Windows 10 isn’t affected by the vulnerability. But users should note that Windows 10 does ship with Internet Explorer 11 and so it is recommended that the patch is applied pronto.
This is the third major update for Windows 10 since it launch. Microsoft is releasing updates after updates for its latest operating system and though none of the bugs that have been brought to light have put a dent in Windows 10’s market share, it remains to be seen what kind of vulnerabilities are revealed in future.