Microsoft has confirmed that Internet Explorer versions six through eleven are susceptible to a newly discovered bug that allows cybercriminals to execute code remotely if the user visits a spoofed, malicious site. The bug gives the cybercriminal essentially the same system privileges as the user. The flaw can also be exploited through opening an email or clicking on an image.
Microsoft said on Saturday that it is aware of limited attacks targeting the vulnerability. Although versions six through eight are at risk, hackers are reportedly targeting versions nine through eleven. This amounts to about 25% of all computers in the world.
According to Microsoft, the more rights the user has on a computer, the worse the attack can be. The flaw allows a technique known as Flash exploitation to bypass the computer's security protection. Microsoft wrote on Saturday:
“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
It is suggested that computer users utilize another browser such as Chrome, Firefox, or Safari until a fix can be sent out by Microsoft to address the issue.
Microsoft says that it will use either a monthly security update or a special security update to patch the flaw.
But, according to Microsoft, the fix will not be available to XP users. Support for XP ended last month. XP accounts for a quarter of Internet users.