On Tuesday, Microsoft released a patch for all supported versions of Internet Explorer, including Windows 10. The patch addresses a memory corruption vulnerability, one that is actively being exploited by criminals.
"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit this vulnerability," Microsoft said in their advisory.
Now that the vulnerability has been disclosed, with credit given to Google researcher Clement Lecigne, experts say that it won't belong before this issue is ported into various exploit kits. However, it would appear that since the flaw was being actively targeted online, that Lecigne and the criminal community discovered this issue at the same time.
An important note, while Microsoft encouraged users to switch to Windows 10 and the Edge browser, anyone using Internet Explorer 11 on Windows 10 will need to apply this patch.
"The Windows 10 update is cumulative. In addition to containing non-security updates, it also contains all of the security fixes for all of the Windows 10-affected vulnerabilities shipping with this month’s security release," Microsoft explained.
Also, anyone running a supported version of Internet Explorer (versions 7-11) on Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows RT 8.1 must first install the 3078071 update released on August 11, 2015 before installing the 3087985 update (MS15-079).