Following reports of an unpatched bug in older versions of the Internet Explorer (IE) browser, Microsoft has confirmed that the vulnerability allows hackers to hijack Windows machines.

Fortunately, Internet Explorer 9 and Internet Explorer 10 are not included in the affected browsers version list and, therefore, Window 8 users are safe. The bug, dubbed 'zero-day' flaw, mainly works on Windows machines running Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8.

Follow us

In a security advisory released on Saturday, Dec. 29, Microsoft confirmed the existence of 'zero-day' vulnerability and recommended users keep their Web browser up to date.

"The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website," Microsoft wrote.

According to The Washington Free Beacon, the vulnerability exploited Windows PCs whose users visited the Web site of Council of Foreign Relations (CFR) - a foreign policy think tank with servers and office in New York. Using the pirated computer system, hackers attacked CFR members and other visitors.

Free Beacon reports that the hack was first detected on Dec. 26 and pointed to Chinese hackers for attacking CFR's Web site. FireEye claims that the CFR Web site hosted the malicious code since Dec. 21. Other security firms believe that the attacks using the IE vulnerability started as early as Dec. 7.

The Web site of CFR was neutralized against the attack on Dec. 28, but security of users on Windows machines running Windows XP, Windows Vista, and Windows 7 remains vulnerable..

In a separate post on Security Research & Defense blog, Microsoft wrote that it is "working around the clock on the full security update" and announced the availability of a 'Shim' to block active attacks against IE 6, IE7, and IE 8 users.

Join Our Conversation

Smartphones

Samsung Galaxy S4, Galaxy Note 8.0 Top Consumer Reports Rankings

Nokia Xpress Now Web App Announced For Asha Devices

Samsung Galaxy S4 'Google Edition' Will Be Available In U.S. Only?

Sony Xperia UL Reaches Japan With New Camera Features

Tablet / Laptop / PC

Samsung Galaxy S4, Galaxy Note 8.0 Top Consumer Reports Rankings

Samsung Galaxy Tab 3 8-Inch Specs, Photo Leak Online

Asus 1015E Ubuntu Notebook To Launch Soon With $215 Price Tag

New MacBook Air To Debut In June With Intel's New Haswell Processor?

Gadgets

Ouya Will Be At E3 2013, But Not Where You Think

Next Microsoft Xbox To Sport Dashboard UI Update And Tile Changes

Google Media Streamer Hits FCC To Replace Nexus Q

Google Glass Raises Lawmakers' Concerns: Congress Demands Answers About Privacy

OS / Software

Samsung Galaxy S4 'Google Edition' Will Be Available In U.S. Only?

Android 5.0 Key Lime Pie Mentioned In Google I/O 2013: Is Google Working On The Firmware Update?

Android 4.2.2 Jelly Bean Update For Samsung Galaxy S3 Leaked

Samsung Galaxy S4 Mega Confirmed By Samsung In WatchOn Change Log?

Internet / Social Media

AT&T Promises Cellular Video Calls, Mobile Video Chat For All Customers

Flickr Boasts 'Spectacular' Redesign, Offers A Whopping 1TB Of FREE Storage

Download 40 GB In A Second: Researchers Set Up World's Fastest Wi-Fi Network In Germany

YouTube Shoppable Videos - Will Google Hit A New Jackpot?

What's App

Nokia Xpress Now Web App Announced For Asha Devices

Samsung Galaxy S4 App Contest Boasts $800,000 Total Prizes For Talented Devs

Intellicam App Brings First Hands-Free Camera Feature To Windows Phone 8

Seven New Apps Coming To Google Glass: Facebook, Twitter, And Evernote Included