Microsoft is investigating a zero-day flaw in its Internet Explorer browser after security researchers discovered a new vulnerability being exploited by hackers. The company has urged customers running IE on their browsers to download a security tool to help protect their machines until it issues a fix for the bug, while some researchers have flatly recommended avoiding the browser until it is patched.
"We're aware of targeted attacks potentially affecting some versions of Internet Explorer," Microsoft said on its website.
The vulnerability reportedly affects three versions of Internet Explorer - IE 7, 8 and 9 - running on XP, Vista and Windows 7 versions of Microsoft’s operating system, and allows hackers to gain remote access to infected computers.
Luxembourg researcher Eric Romang first discovered the bug last week when he discovered a piece of code from the malicious Poison Ivy software on his computer. Upon analysing the attack, he discovered that the malware had landed on his machine through a zero-day, or previously unseen, flaw. Romang has linked the attack to the so-called Nitro hacker collective, which recently executed a series of attacks targeting Java.
Microsoft is urging users to download the Enhanced Mitigation Experience Toolkit (EMET), a free piece of security software, as a temporary measure while it investigates the bug and releases a more secure version of its browser.
The vulnerability affects hundreds of millions of IE users, given that it is the world’s second most popular browser, with a market share of some 33 per cent. Chrome is ahead only slightly with 34 per cent of the market, though this latest flaw could prove to be a boon for the Google-owned browser.