Cybersecurity firm, FireEye, discovered the vulnerability on Saturday, where they said hackers had already exploited the flaw in a campaign called “Operation Clandestine Fox” that was designed to attack U.S. financial and defense companies.
Versions 6 through 11 of Internet Explorer were affected by the flaw, with Microsoft noting that it was aware of “limited, targeted attacks” aimed at exploiting the vulnerability.
According to NetMarketShare, the five versions of the web browser affected make up 55 percent of the PC browser market.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” said Microsoft in a security post.
FireEye stated in its blog post that the attacks had been aimed at versions 9 through 11 of the web browser.