Microsoft has issued an emergency update for its Internet Explorer browser to patch a critical vulnerability attackers are actively exploiting to install malware on targeted computers.
CVE-2015-2502, as the remote code-execution flaw is indexed, can be exploited when vulnerable computers visit booby-trapped websites or possibly when they open malicious HTML-based e-mails. The bug involves the way IE stores objects in memory and results in an error that corrupts memory contents. The vulnerability, which is present in all supported versions of IE, carries Microsoft's top severity of critical for all desktop versions of Windows. The rating is one step lower for server OSes because IE on those versions runs in a restricted mode known as enhanced security configuration.
In an advisory posted Tuesday afternoon, Microsoft officials wrote: