The vulnerability, discovered by the security firm Kaspersky, lies in the browser’s scripting engine. A hacker could use it to execute remote code on a device using the browser and gain administrative privilege on the device. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” said Microsoft, which runs Internet Explorer.
Microsoft has since distributed a fix, but TechRadar reports that hackers attempted to exploit the vulnerability this spring against a company in South Korea. While Kaspersky was able to detect and mitigate that hack before it was successful, it is unclear if any other cyberattacks have ever exploited this vulnerability.