Microsoft has confirmed that it will fix an ongoing Internet Explorer security bug that’s currently being exploited by hackers.
The vulnerability was first reported by U.S. Homeland Security on Friday evening, although the issue is not limited to American devices.
Microsoft has released a workaround for an Internet Explorer vulnerability being used in limited targeted attacks. Implement workarounds and apply updates when available. Read more at https://t.co/hXYPa0I4VU. #Cyber #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) January 18, 2020
Overall, Microsoft says the bug affects all supported versions of Windows, including Windows 7, which will no longer receive security updates as of earlier this week.
That said, a Microsoft spokesperson told TechCrunch that the company is only “aware of limited targeted attacks” for which it’s already “working on a fix.”
In practice, the vulnerability exploits how Internet Explorer handles memory and can remotely run malicious code on a computer. This can come in the form of a link to a malicious site being sent to a user’s email, among other tricks.
However, Microsoft says it will likely not patch the vulnerability until the next monthly security release, which is scheduled for February 11th.
For now, Homeland Security recommends Internet Explorer users shift over to Microsoft Edge. In addition to being more secure at the moment, Microsoft has, in general, focused its browser-related efforts on Edge, anyway. To that end, Edge got a major revamp earlier this week, so it’s a good alternative all around.