For the attack, they use a vulnerability in the browser’s memory management (script engine), reports Heise Online. To successfully exploit the vulnerability , it is sufficient to surf on a specially designed website with the Explorer.

Microsoft warns that attackers will then have the opportunity to execute code on the computer and, if the victim uses admin rights during the attack, even take full control of the affected device.

An update to fix the vulnerability has already been released, but is not yet available via Windows Update. It is therefore recommended to install the update manually immediately. The vulnerability affects versions Internet Explorer 9, 10 and 11 on various Windows systems.