Internet Explorer has a major security flaw, but Microsoft can't patch it yet

News
By Anthony Spadafora
published

A patch will be made available next month even though the flaw is currently being exploited in the wild

(Image credit: Wonderlane / Flickr)

Following the reveal of a major security flaw in Internet Explorer that is currently being exploited by hackers, Microsoft has confirmed its existence though the software giant has no immediate plans to release a patch to fix it.

The security flaw in the company's legacy browser was first disclosed by a division of Homeland Security called US-CERT, that reports on major security flaws, in a tweet which contained a link to a security advisory concerning the bug. According to the advisory, the vulnerability has already been “detected in exploits in the wild”.

All supported versions of Windows, including Windows 7 which will no longer receive security updates, are affected by the flaw according to Microsoft.

Internet Explorer vulnerability

The vulnerability concerns how Internet Explorer handles memory and an attacker could leverage the flaw to remotely run malicious code on an affected computer. It also bears a striking resemblance to a similar vulnerability that was recently disclosed by Mozilla.

The Chinese security research team Qihoo 360 was the first to find the security flaw being used by attackers in the wild. However, the research team, Microsoft and Mozilla do not yet know which attackers are exploiting the flaw, how they're doing it or who they're targeting.

The security flaw appears to be serious enough that even the US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding it, which reads:

“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC's Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available. Consider using Microsoft Edge or an alternate browser until patches are made available.”

Microsoft is currently working on a fix for the issue but a patch likely won't arrive until the company's next round of monthly security fixes which is scheduled for February 11.

Via TechCrunch

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.