Microsoft has rushed out an emergency patch for its Internet Explorer browser to address a critical flaw that is being exploited in the wild.
The flaw is said to be a scripting-engine memory-corruption bug designated CVE-2019-1367 and attackers are said to have built booby-trapped websites to exploit the flaw.
Microsoft typically issues patches and repairs as part of its monthly Patch Tuesday update cycle, but in serious cases such as this, it can issue emergency patches.
“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer,” said Microsoft in its advisory, which affects Internet Explorer version 9 to 11.
“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” it warned.
“An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.