The flaw affects Internet Explorer (IE) versions 6 to 11 and Microsoft said it was aware of "limited, targeted attacks" to exploit it.

 

According to NetMarket Share, the IE versions account for more than 50% of global browser market.

 

Microsoft says it is investigating the flaw and will take "appropriate" steps.

 

The firm, which issued a security advisory³ over the weekend, said the steps "may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs".

 

 

However, the issue may be of special concern to people still using the Windows XP operating system. 

 

That is because Microsoft ended official support for that system earlier this month.

 

It means there will be no more official security updates and bug⁴ fixes for XP from the firm.

 

Cyber security firm Symantec said it had carried out tests which confirmed that "the vulnerability crashes Internet Explorer on Windows XP". 

 

"This will be the first zero day vulnerability that will not be patched for Windows XP users," it added.

 

About 30% of all desktops⁵ are thought to be still running Windows XP and analysts⁶ have previously⁷ warned that those users would be vulnerable to attacks from cyber-thieves.

 

Microsoft has suggested businesses and consumers still using the system should upgrade to a newer alternative.

点击收听单词发音