Microsoft Surface Pro 3 with Windows 10
Microsoft Surface Pro 3 with Windows 10 Microsoft

A dangerous security flaw in Microsoft Internet Explorer is allowing attackers access to and control of computers running all versions of Microsoft’s Windows operating system, including the new Windows 10.

Microsoft said the “remote code execution flaw” in its Internet Explorer web browser “exists in absolutely all Windows versions currently on the market”. It also warned users of Vista, 7, 8, 8.1, and 10 to install a series of critical security patches it's issued since Tuesday to fix the vulnerability.

Microsoft Windows server software is also susceptible to the flaw but not as severely due to its enhanced security mode. Microsoft's Edge browser is unaffected by the flaw, however.

A patch issued Tuesday brings to six the number of security updates issued by Microsoft to meet this new threat. Among these six patches is a critical patch supposed to fix the remote code execution flaw.

In its Security Bulletin about the patch called MS15-106 issued yesterday, Microsoft said an attacker that successfully exploited these vulnerabilities “could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights”.

Microsoft said its security update is rated “Critical for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers”.

MS15-106 addresses a flaw in how Internet Explorer handles objects in memory, said Microsoft.

It addresses the vulnerabilities caused by the remote code execution flaw by modifying how Internet Explorer handles objects in memory and modifying how Internet Explorer, JScript and VBScript handle objects in memory.

Microsoft said that to exploit the remote code execution flaw, an attacker needs to take advantage of compromised websites and websites that "accept or host user-provided content or advertisements”.

"The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer”.

Contact the writer at feedback@ibtimes.com.au or tell us what you think below.