A fresh Internet Explorer zero-day vulnerability affecting Windows 7 and Windows 8.1 users has been uncovered by security researchers.
Security researcher David Leo reported uncovering the Internet Explorer 11 flaw in a post on the Full Disclosure forum.
A Microsoft spokesperson told V3 the firm is aware of the flaw but is yet to see evidence it is being actively exploited.
"To successfully exploit this issue, an adversary would first need to lure a person, often through trickery such as phishing, to a malicious website that they've created," read the statement.
"SmartScreen, which is on by default in newer versions of Internet Explorer, helps protect against nefarious phishing websites.
"We're not aware of this vulnerability being actively exploited and are working to address it with an update."
Despite Microsoft's assurances, the flaw has caused concern within the security community.
Symantec's security response team warned it could be used by hackers to steal information.
"This zero-day vulnerability could allow an attacker to bypass the same-origin policy (SOP) in order to steal from and inject information into other websites," explained the team in an advisory.
"Microsoft has not yet issued a patch or security advisory for this vulnerability. At this time, there are no indications that this vulnerability has been exploited in the wild."
Chief security evangelist at Alert Logic Stephen Coty agreed with Symantec's findings, but added the attack would require a lot of effort.
"This Cross-Site Scripting (XSS) bug is a very limited vulnerability that affects only the users of Internet Explorer 11 on two Microsoft platforms. The user would have to visit a website, legitimate or malicious, that has been compromised with an iframe injection," he said.
Lancope CTO TK Keanini recommended users take a variety of protective measures while they wait for a fix.
"To mitigate the risk, I recommend always having multiple browsers available and until this is fixed, to use an alternate like Firefox or Chrome," he said.
"In the future, I'm sure one of those alternates will have a major flaw and you can navigate with the alternates until it is fixed. The good news is that you have choices these days, so use them."
The Microsoft Internet Explorer zero-day is one of many critical bugs found in recent weeks. Security researchers unearthed three separate zero-day vulnerabilities in Adobe Flash in January and early February.