Microsoft today released an emergency patch for a critical vulnerability in Internet Explorer that has been found in 'the wild'. An exploit using the vulnerability is currently used by cybercriminals to infect users with malware. Users can be infected when visiting a hacked or malicious website with advertisements that exploit the browser vulnerability.
When the attack succeeds, the cybercriminals are able to execute random code on the computer with the privileges of the currently logged in user. Users that browse with a Windows account with limited rights are therefore safer than when browsing with Administrator rights.
The vulnerability was already exploited before a patch from Microsoft became available. It's unclear who's behind the attacks and which users were targeted.
A researcher from Google discovered the vulnerability and reported it to Microsoft. Internet Explorer 7 till 11 are vulnerable on Windows Vista, Windows 7, Windows 8(.1) and Windows 10.
Microsoft has now issued a patch that can be installed through Windows Update, on Windows 10 it's installed automatically, unless automatic updates are turned off.
