Microsoft has warned windows users to install the emergency security patch.The software giant said that there are some security flaws in some versions of Internet Explorer will allow an attacker to remotely run malicious code on affected device. A user could be stealthily infected by visiting a malicious web page or can be tricked into clicking on a link in an email.
Microsoft Response on Security Problem
According to Microsoft, “An attacker can successfully exploit the vulnerability could take control of an affected system,” Furthermore, the Microsoft said the vulnerability was under active exploitation and details of the flaw had not been made public.
Approximately 7% of all browser users are running the affected versions of Internet Explorer 9, 10 and 11, according to an estimated data. All supported versions of Windows are affected and this include Windows 7, Windows 8.1 and Windows 10 along with several Windows Server versions. Note that majority of the users can install the patches using Windows Update.
Microsoft also have issued a fix for the in-built malware scanner Windows Defender. If it gets exploited, then this could trigger a denial-of-service condition resulting in app failing to work.The company stated that action was required by users to remediate the bug in Windows Defender.
It is rare but not unheard for Microsoft to release emergency security patches outside typical monthly patching cycle. The company will typically release security fixes in the second week of every month called as Patch Tuesday. But it the release fixes significant vulnerabilities under active exploitation as soon as they are made available. Moreover, the Homeland Security warned its own advisory urging affected users to install the security patches.