Microsoft has urged people to update Internet Explorer after finding a major flaw.
The browser’s memory corruption vulnerability lets attackers remotely execute code as if they were the computer’s user, essentially giving them control of the computer, Microsoft wrote in a Wednesday security notice.
An attacker could set up a fake website designed to exploit the flaw and entice you to visit by emailing a link. The vulnerability is tied to how Microsoft’s scripting engine handles objects in Internet Explorer’s memory, a process the update modifies.
The company said it’s being used in targeted attacks, but didn’t offer further details. If you have Windows Update enabled (as Microsoft suggests you do), the latest security updates should have downloaded to fix this issue automatically.
Microsoft noted that Clement Lecigne of Google’s Threat Analysis Group discovered the vulnerability, according to Ars Technica.
The company didn’t immediately respond to a request for further comment.
Internet Explorer was the world’s most popular browser until 2016, when Google Chrome swept past it. Its popularity has plummeted since then — it accounted for less than 3 percent of website usage in November, according to analytics firm StatCounter.
Microsoft has shifted its browser focus to Edge, which is getting a Chromium-based refresh.
Microsoft rebuilds Edge browser on Chrome tech: And Google gains that much more power over the web.
CNET’s Holiday Gift Guide: The place to find the best tech gifts for 2018.