TORONTO – Microsoft is working to fix a bug in its Internet Explorer web browser after a security company disclosed the bug over the weekend, warning that it could allow for malicious “remote code execution.”
Cybersecurity software maker FireEye Inc said that hackers had already exploited the bug in attacks against U.S-based financial and defense companies. FireEye did not elaborate on the nature of the attacks.
In a security bulletin posted on its website Saturday, Microsoft said it is working on a fix.
The bug could allow hackers to have the same level of access to a computer as the normal user.
“An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website,” read the security update.
The bug is present in Internet Explorer versions 6 to 11.
On Monday the U.S. Department of Homeland Security advised that Internet Explorer users avoid the web browser until a fix has been deployed.
The Canadian Security Intelligence Service has not issued a warning about the security bug.
But bug presents a bigger problem to any users still running Microsoft Windows XP on their computers.
On April 8, Microsoft stopped offering technical support and security updates for machines running the operating system, which still ranks as the second-most popular OS in the world.
This means that the security patch the company releases for the Internet Explorer bug will not be offered to Windows XP users – leaving them vulnerable.
“This will be the first zero-day vulnerability that will not be patched for Windows XP users,” said Symantec researcher Christian Tripputi wrote in a blog post. “We recommend that unsupported operating systems, such as Windows XP, be replaced with supported versions as soon as possible.”
Microsoft encourages customers to enable a security firewall and use anti-malware software if possible and apply all Microsoft software updates as soon as they become available.
In the meantime, those who use Internet Explorer may want to use a different browser.
Global News contacted Microsoft for an estimate of how long it will take for a security update to become available, but the company did not immediately respond to request for comment.