The browser’s memory corruption vulnerability lets attackers remotely execute code as if they were the computer’s user, essentially giving them control of the computer, Microsoft wrote in a Wednesday security notice.
An attacker could set up a fake website designed to exploit the flaw and entice you to visit by emailing a link. The vulnerability is tied to how Microsoft’s scripting engine handles objects in Internet Explorer’s memory, a process the update modifies.
The company said it’s being used in targeted attacks, but didn’t offer further details. If you have Windows Update enabled (as Microsoft suggests you do), the latest security updates should have downloaded to fix this issue automatically.
The company didn’t immediately respond to a request for further comment.
Internet Explorer was the world’s most popular browser until 2016, when Google Chrome swept past it. Its popularity has plummeted since then — it accounted for less than 3 percent of website usage in November, according to analytics firm StatCounter.
Microsoft has shifted its browser focus to Edge, which is getting a Chromium-based refresh.