US Computer Emergency Readiness Team and its British counterpart told people to stop using Internet Explorer until Microsoft releases a patch to fix a serious bug. A new Internet Explorer vulnerability that affects all major versions of Internet Explorer has been discovered.
The bug allows attackers to install malware on your computer without your permission. The malware can be used to steal personal data, track online behavior, or gain control of the computer. Security firm FireEye, which discovered the bug, said that the flaw is being used with a known Flash-based exploit technique to attack financial and defense organizations in the US via Internet Explorer 9, 10, and 11 running on Windows Vista, Windows 7, and Windows 8.
Microsoft's security advisory describes the nature of the exploit:
The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.