Microsoft has issued an emergency update for its Internet Explorer web browser to patch a vulnerability that can be exploited simply by users visiting malicious websites.
The company issued the MS15-093 security bulletin, marked as critical, warning that all current versions of Internet Explorer are affected by the flaw, which could allow remote code execution by attackers.
This includes Internet Explorer 7 to 11, runnning on Windows Vista and newer supported versions of the desktop operating system, and also Windows Server 2008 onwards.
However, the risk of compromise in Server 2008 is only moderate thanks to Enhanced Security Configuration (ECS) restricted mode, Microsoft said.
A specially crafted website could trigger memory corruption in user systems through Internet Explorer if attackers can lure people to visit the malicious site.
This is due to the browser accessing objects in memory improperly, something attackers can abuse to run arbitrary code with the rights of the user, Microsoft said.
The vulnerability is serious enough to allow attackers full control of victims' systems if they are logged on with administrative rights.
Microsoft is sending out the patch to users through Windows Update.