Microsoft has issued a fix for zero-day vulnerability in older versions of Internet Explorer that could allow attackers to gain control of Windows-based computers to host malicious web sites.
The company confirmed at the weekend that it was investigating remote code execution vulnerability in IE 6, IE 7, and IE 8 that could allow an attacker to use the corrupted PC to host a web site designed to exploit the vulnerability with other users. Versions of the browser after IE 8 are unaffected, Microsoft said.
Microsoft said in an update to the security advisory that it developed a one-click fix that prevents the vulnerability from being exploited without affecting users' ability to browse the web. Microsoft also said the fix does not require a reboot.
Microsoft cautioned that the workaround was not intended to serve as a replacement for security updates.
"While we still observed only a few attempts to exploit this issue, we encourage all customers to apply this fix it to help protect their systems," Group Manager for Microsoft's Trustworthy Computing, Mr. Dustin Childs, said in a statement.
Discovered last week, the flaw was reportedly used to exploit Windows PC users who visited the web site.