Microsoft patches Internet Explorer flaw being used to hijack PCs - Engadget

Microsoft has rolled out a fix for a zero-day Internet Explorer vulnerability that hackers are already using for targeted attacks. The tech giant didn't elaborate on the scope of those attacks, but it did explain how criminals can use the memory-corruption flaw. Apparently, attackers simply have to get users to visit websites engineered to exploit it -- by sending them links via email, for instance -- in order to hijack their computers. Once attackers gain control of their system, they can install programs, view or even change data, as well as create new accounts with full user rights.

In its security update report, Microsoft said that Google discovered and alerted it to the flaw. According to Satnam Narang from cyber exposure company Tenable, the flaw affects IE11 for Windows 7 to Windows 10, as well as IE9 and IE10 on specific versions of Windows Server. Narang is urging users to "update their systems as soon as possible to reduce the risk of compromise" since "the flaw is being actively exploited in the wild."

Microsoft says the update fixes the issue by "modifying how the scripting engine handles objects in memory." Those who've applied the latest Windows security rollout are already protected, and Microsoft is encouraging everyone else to follow suit.