Microsoft has warned that a flaw in Internet Explorer (IE) means the browser could automatically run malicious code that is on a website or attached to an email, without informing users.
The software giant released an advisory note on Friday indicating that, although IE versions 5.01 and 5.5 will only open executables with user permission, they will automatically open binary attachments in HTML emails, such as images, because HTML emails are basically web pages.
IE looks at the Multipurpose Internet Mail Extensions (MIME) header of the email to determine which attachments it should open automatically. But it is possible to modify the MIME header and trick the browser into opening files such as executables automatically.
This means that hackers could add hostile code to a website, and the code would run automatically when anyone views the page.
Alternatively, hackers could send an email with a malicious attachment that could also be run automatically, although the level of damage caused in this instance would correspond to a user's privileges. The code could not do any damage at the root level, for example, if the user did not have administrator-level rights.
George Guninski, an independent security analyst, gave the glitch a high risk factor, but said the problem could be bypassed by disabling Active Scripting in the internet options menu.
But Microsoft has already released a patch for the bug and is urging all users of IE versions 5.01 and 5.5 to download it.
An accompanying security bulletin says the glitch enables hackers to run code "of the attacker's choice", allowing them to take "any action that the user himself could take on his machine, including adding, changing or deleting data, communicating with Web sites, or reformatting the hard drive".
Download the patch here.
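A defensive check for the header trick described above, as an added example that is not part of the original article or Microsoft's advisory: it flags message parts whose declared MIME type is one a client renders automatically but whose filename or leading bytes indicate an executable. The type, extension and magic-byte lists, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for this example: types a client renders without prompting,
# extensions Windows executes, and leading bytes of DOS/PE and ELF binaries.
AUTO_RENDERED = ("image/", "audio/", "video/")
RISKY_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def find_mime_mismatches(raw_message: bytes):
    """Return (filename, declared_type, reason) for each suspicious part."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        declared = part.get_content_type()
        if not declared.startswith(AUTO_RENDERED):
            continue  # not a type this example treats as opened automatically
        filename = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if filename.endswith(RISKY_EXTENSIONS):
            findings.append((filename, declared, "executable extension"))
        elif payload.startswith(EXECUTABLE_MAGIC):
            findings.append((filename, declared, "executable magic bytes"))
    return findings


def build_sample() -> bytes:
    """Constructed message: one honest image, two parts with a false type."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("hello")
    stub = b"MZ" + b"\x00" * 16  # inert placeholder, not a real program
    msg.add_attachment(b"GIF89a" + b"\x00" * 16, maintype="image",
                       subtype="gif", filename="photo.gif")
    msg.add_attachment(stub, maintype="image", subtype="gif",
                       filename="notes.exe")
    msg.add_attachment(stub, maintype="image", subtype="jpeg",
                       filename="holiday.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in find_mime_mismatches(build_sample()):
        print(finding)
```

A mail gateway or triage script can run a check like this before a message reaches a client, so that a part's declared type is never the only thing trusted.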