Serious Internet Explorer Bug Leaves Half of all Browsers Open to Hack

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. Pawel Kopczynski / Reuters, file

Microsoft is scrambling to fix a newly found bug in Internet Explorer, which leaves all versions of the browser open to potential attacks.

Hackers have already used the flaw to launch "limited, targeted attacks," Microsoft said in a "security advisory" on Saturday.

As with many attacks, hackers can start with methods like convincing users to click on fake websites, Microsoft explained. From there, the glitch could allow attackers to run malicious software on the user's computer -- and even gain the same level of access to the computer as the real user.

It's a serious flaw, and a widespread one: Internet Explorer comprised almost 58 percent of all desktop browsers in March, according to analytics company Net Applications.

Even the Department of Homeland Security weighed in with an advisory on Monday, calling on users to run alternative web browsers until Microsoft is able to fix the problem.

The Internet Explorer issue affects the browser's versions 6 through 11, Microsoft said in its post. Microsoft's response came one day after security company FireEye revealed the flaw in a post on its own site on Friday.

FireEye said attackers are focusing mostly on Internet Explorer versions 9 through 11, which make up about a quarter of all browsers. FireEye dubbed the attacks "Operation Clandestine Fox" and called the flaw "significant."

FireEye recommended that users disable Adobe Flash, saying "the attack will not work" in that case.

Microsoft is still investigating the issue, and the company said it may fix the problem through either a scheduled or off-cycle security update.

Until then, Microsoft wrote in a separate blog post, the company recommends typical protection steps like installing anti-virus software and being cautious when visiting websites. Microsoft also suggested using Internet Explorer in "enhanced protected mode" and downloading a "toolkit" to help guard against attacks.

Those steps could help protect users of newer Windows versions until Microsoft releases a fix. But the glitch is a sobering reminder that no help is coming for users of Windows XP, as Microsoft dropped support of that operating system earlier this month.