Watch out, Internet Explorer users.
Microsoft has confirmed that every version of Internet Explorer is vulnerable to what is known as a “remote code execution.” Security company FireEye claims this means more than 26 percent of Internet browsers can be attacked by hackers who could use the vulnerability to lure users to a webpage that would allow the hackers to gain full access to the user’s device.
While a few versions of Internet Explorer have an enhanced security configuration that makes the attack less likely, most popular versions of the web browser do not. Most of the attacks are occurring on computers using Internet Explorer versions 9, 10, and 11.
Microsoft’s suggested workarounds include running an “Enhanced Mitigation Experience Toolkit,” or blocking ActiveX controls and Active scripting, which would make the browser incapable of landing on many e-commerce sites. FireEye noted that disabling Adobe Flash will also prevent attacks. Here’s another workaround: switch to Firefox or Chrome.
Microsoft confirmed there have been "limited, targeted attacks" exploiting the vulnerability, but it is not clear who is behind them. FireEye labels the group an “APT group” which stands for “Advanced Persistent Threat.” That means this isn't a novice outing. These are likely attackers who have struck before and will strike again.