Microsoft patches Internet Explorer to stop PC takeover attacks – CNET

Microsoft sign on a building facade.

Heads up, Internet Explorer users. There’s a security vulnerability afoot.

Jaap Arriens/NurPhoto via Getty Images

Microsoft has urged people to update Internet Explorer after finding a major flaw.

The browser’s memory corruption vulnerability lets attackers remotely execute code as if they were the computer’s user, essentially giving them control of the computer, Microsoft wrote in a Wednesday security notice.

An attacker could set up a fake website designed to exploit the flaw and entice you to visit by emailing a link. The vulnerability is tied to how Microsoft’s scripting engine handles objects in Internet Explorer’s memory, a process the update modifies.

The company said it’s being used in targeted attacks, but didn’t offer further details. If you have Windows Update enabled (as Microsoft suggests you do), the latest security updates should have downloaded to fix this issue automatically.

Now playing: Watch this: How Chrome changed web browsers 10 years ago

2:24

Microsoft noted that Clement Lecigne of Google’s Threat Analysis Group discovered the vulnerability, according to Ars Technica.

The company didn’t immediately respond to a request for further comment.

Internet Explorer was the world’s most popular browser until 2016, when Google Chrome swept past it. Its popularity has plummeted since then — it accounted for less than 3 percent of website usage in November, according to analytics firm StatCounter.

Microsoft has shifted its browser focus to Edge, which is getting a Chromium-based refresh.

Microsoft rebuilds Edge browser on Chrome tech: And Google gains that much more power over the web.

CNET’s Holiday Gift Guide: The place to find the best tech gifts for 2018.