Microsoft Web Browser Security Bug Could Impact Millions of Users. Microsoft issued a security advisory on Saturday warning users of a vulnerability in its Internet Explorer web browser that could allow malicious “remote code execution.”
The vulnerability affects all versions of the browser and, as of this writing, there is no patch available to fix the issue. FireEye, the security firm taking credit for finding the vulnerability, posted a notice on its website alerting users to the issue.
“Threat actors are actively using this exploit in an ongoing campaign which we have named ‘Operation Clandestine Fox,’” reads the statement on FireEye’s website.
Security firm Symantec issued its own alert regarding the issue, highlighting the fact that Windows XP users are particularly susceptible, stating, ” especially XP users are not safe anymore and this is the first vulnerability that will be not patched for their system.”
This last point is no small issue as Microsoft officially ended support for Windows XP earlier this month, which means no more security updates for the millions still using the operating system.
According to NetMarketshare, Internet Explorer accounts for roughly 58% of the world’s desktop browsers.
At present, the safest option might be to use another browser until Microsoft issues a security patch.
For its part, Microsoft says that at the completion of its investigation it will “take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”