Microsoft has said it’s investigating public reports of a vulnerability in all supported versions of Internet Explorer.
“The vulnerability exists due to an invalid flag reference within Internet Explorer,” the company said in a statement.
“It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”
Microsoft says it’s aware of targeted attacks attempting to use this vulnerability.
“We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”