Microsoft has released an emergency out-of-band patch for a "critical"-rated security vulnerability, affecting all supported versions of Windows.
The software giant said in an advisory
Tuesday that users visiting a specially-crafted website can lead to remote code execution on an affected machine.
The zero-day flaw (classified as CVE-2015-2502
) works by exploiting a flaw in how Internet Explorer handles objects in memory. If successfully exploited, an attacker could "gain the same user rights as the current user," the advisory said. Those running administrator accounts are particularly at risk, it said.