Skip to main content

Internet Explorer has a major security flaw, but Microsoft can't patch it yet

(Image credit: Wonderlane / Flickr)

Following the reveal of a major security flaw in Internet Explorer that is currently being exploited by hackers, Microsoft has confirmed its existence though the software giant has no immediate plans to release a patch to fix it.

The security flaw in the company's legacy browser was first disclosed by a division of Homeland Security called US-CERT, that reports on major security flaws, in a tweet which contained a link to a security advisory concerning the bug. According to the advisory, the vulnerability has already been “detected in exploits in the wild”.

All supported versions of Windows, including Windows 7 which will no longer receive security updates, are affected by the flaw according to Microsoft.

Internet Explorer vulnerability

The vulnerability concerns how Internet Explorer handles memory and an attacker could leverage the flaw to remotely run malicious code on an affected computer. It also bears a striking resemblance to a similar vulnerability that was recently disclosed by Mozilla.

The Chinese security research team Qihoo 360 was the first to find the security flaw being used by attackers in the wild. However, the research team, Microsoft and Mozilla do not yet know which attackers are exploiting the flaw, how they're doing it or who they're targeting.

The security flaw appears to be serious enough that even the US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding it, which reads:

“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC's Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available. Consider using Microsoft Edge or an alternate browser until patches are made available.”

Microsoft is currently working on a fix for the issue but a patch likely won't arrive until the company's next round of monthly security fixes which is scheduled for February 11.

Via TechCrunch

Anthony Spadafora

After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal and TechRadar. He has been a tech enthusiast for as long as he can remember and has spent countless hours researching and tinkering with PCs, mobile phones and game consoles.