Microsoft has issued Vulnerability-related.PatchVulnerability an emergency , out-of-band patch for an Internet Explorer zero-day that was being actively exploited Vulnerability-related.DiscoverVulnerability in targeted attacks . The company says that it learned about the vulnerability through a report from Google . CVE-2018-8653 affects Vulnerability-related.DiscoverVulnerability a range of versions of Internet Explorer from 9 to 11 , across Windows 7 to 10 and Windows Server . The vulnerability amounts to a remote code execution exploit , and it was first spotted Vulnerability-related.DiscoverVulnerability by Google 's Threat Analysis Group . Microsoft explains Vulnerability-related.DiscoverVulnerability that a problem with Internet Explorer 's scripting engine could be exploited Vulnerability-related.DiscoverVulnerability by an attacker to execute arbitrary code on a victim 's computer . In a short security advisory , the company says : Today , we released Vulnerability-related.PatchVulnerability a security update for Internet Explorer after receiving a report Vulnerability-related.DiscoverVulnerability from Google about a new vulnerability being used in targeted attacks . Customers who have Windows Update enabled and have applied Vulnerability-related.PatchVulnerability the latest security updates , are protected automatically . We encourage customers to turn on automatic updates . Microsoft would like to thank Google for their assistance . In a more detailed security vulnerability posting , Microsoft explains the impact of the problem : A remote code execution vulnerability exists in Vulnerability-related.DiscoverVulnerability the way that the scripting engine handles objects in memory in Internet Explorer . The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user . An attacker who successfully exploited Vulnerability-related.DiscoverVulnerability the vulnerability could gain the same user rights as the current user . If the current user is logged on with administrative user rights , an attacker who successfully exploited Vulnerability-related.DiscoverVulnerability the vulnerability could take control of an affected system . An attacker could then install programs ; view , change , or delete data ; or create new accounts with full user rights . In a web-based attack scenario , an attacker could host a specially crafted website that is designed Attack.Phishing to exploit the vulnerability through Internet Explorer and then convince Attack.Phishing a user to view the website , for example , by sending Attack.Phishing an email . The security update addresses Vulnerability-related.PatchVulnerability the vulnerability by modifying Vulnerability-related.PatchVulnerability how the scripting engine handles objects in memory .

Microsoft today released Vulnerability-related.PatchVulnerability an emergency software patch to plug Vulnerability-related.PatchVulnerability a critical security hole in its Internet Explorer ( IE ) Web browser that attackers are already using to break into Windows computers . The software giant said Vulnerability-related.DiscoverVulnerability it learned Vulnerability-related.DiscoverVulnerability about the weakness ( CVE-2018-8653 ) after receiving a report Vulnerability-related.DiscoverVulnerability from Google about a new vulnerability being used in targeted attacks . Satnam Narang , senior research engineer at Tenable , said Vulnerability-related.DiscoverVulnerability the vulnerability affects Vulnerability-related.DiscoverVulnerability the following installations of IE : Internet Explorer 11 from Windows 7 to Windows 10 as well as Windows Server 2012 , 2016 and 2019 ; IE 9 on Windows Server 2008 ; and IE 10 on Windows Server 2012 . “ As the flaw is being actively exploited Vulnerability-related.DiscoverVulnerability in the wild , users are urged to update Vulnerability-related.PatchVulnerability their systems as soon as possible to reduce the risk of compromise , ” Narang said . According to a somewhat sparse advisory about the patch , malware or attackers could use the flaw to break into Windows computers simply by getting a user to visit a hacked or booby-trapped Web site . An attacker could then install programs ; view , change , or delete data ; or create new accounts with full user rights . Microsoft says users who have Windows Update enabled and have applied Vulnerability-related.PatchVulnerability the latest security updates are protected automatically . Windows 10 users can manually check for updates this way ; instructions on how to do this for earlier versions of Windows are here .