Discovered by security firm Kaspersky, the bug could be exploited by hackers to perform remote code execution on a target device and seize administrative privileges.
The vulnerability is also a zero-day - meaning hackers were able to exploit it before Microsoft could administer a fix - and was handed a critical severity rating of 7.5/10, as per the Common Vulnerability Scoring System (CVSS).
- Check out our list of the best antivirus services around
- We've built a list of the best malware removal software out there
- Here's our choice of the best Windows 10 antivirus services available
Internet Explorer vulnerability
According to Microsoft’s report, the bug was found in the browser’s scripting engine and is linked to the way objects are handled in memory.
“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” explained the firm.
This could be especially problematic if an attacker were to target a device administrator, allowing them to install software, edit or delete data and create new accounts with full access privileges.
In late spring, the exploit was used in the wild to assault a company in South Korea, but the attack was mitigated by Kaspersky. It is unclear whether the zero-day has been abused in any other attacks.
“When in the wild attacks with zero-day vulnerabilities happen, it is always big news for the cybersecurity community. Successfully detection of such a vulnerability immediately pressures vendors to issue a patch and forces users to install all necessary updates,” explained Boris Larin, Security Expert at Kaspersky.
“This case includes an exploit with remote code execution capabilities, which is more dangerous. Coupled with the ability to affect the latest Windows 10 builds, the discovered attack is truly a rare thing nowadays.”
Microsoft delivered a fix for the Internet Explorer bug this week, as part of August 2020 Patch Tuesday. To shield against attack, users are advised to update to the latest version immediately.
- Here's a list of the best anonymous browsers on the market
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.