Dive Brief:
-
Microsoft announced that it has discovered a vulnerability in Internet Explorer that allows attackers to remotely run malicious code using the same privileges the primary user has.
-
An emergency patch was released Tuesday to allow users and administrators to quickly update their computers.
-
The new browser included in Windows 10 — Microsoft Edge — isn't affected by the vulnerability.
Dive Insight:
Microsoft said the vulnerability affects Internet Explorer versions 7 through 11 on Windows 7, 8, 8.1, 10 and Vista.
The vulnerability could corrupt memory in a way to allows hackers to execute code with the current user's privileges. If that user has administrator capabilities, the attacker could take complete control of a computer to modify files or install programs, Microsoft said.
Microsoft Edge isn't affected by the vulnerability, but because Windows 10 ships with a copy of Internet Explorer 11 installed, it is getting the update as well.
