Microsoft Corporation (NASDAQ:MSFT)’s web browser Internet Explorer has a serious flaw. Some hackers who knew about the flaw have already been exploiting it. And the ones who were not aware of it before are now trying to exploit the vulnerability as Microsoft rushes to fix the security flaw. It has left many large corporations and government agencies at risk.

Microsoft IE

Microsoft to issue a fix after investigating the issue

Cybersecurity firm FireEye Inc first identified the flaw. Microsoft Corporation (NASDAQ:MSFT) said in a security advisory Saturday that it has identified “limited target attacks” and the company is working to fix the issue. The vulnerability is present in Internet Explorer versions 6-11. According to FireEye, the affected versions of Internet Explorer occupy 26% of the browser market. FireEye said a group of hackers have already been exploiting the bug under their “Operation Clandestine Fox” campaign.

FireEye said that hackers have already been exploiting it to attack the U.S. defense and financial companies. Microsoft Corporation (NASDAQ:MSFT) has promised a security update soon. But the update won’t be available to Windows XP users because the company has ended support to the 13-year old operating system. Security firms estimate that about 300 million PCs still run Windows XP.

Microsoft and FireEye tell you how to protect your PCs

Microsoft Corporation (NASDAQ:MSFT) said that the bug allows a hacker to gain control over a PC and have the same rights and the original users. That means hackers can install malicious programs, view, alter or delete your data. FireEye said users need to switch to another browser until the security update is released. Users who don’t want to use another browser can download Microsoft’s Enhanced Mitigation Experience Toolkit version 4.1 to guard against attacks until the security update is released. 

Alternatively, FireEye said users can disable the Adobe Flash plugin to prevent attacks because hackers can’t exploit the bug without it. You can also run the Internet Explorer in enhanced protection mode, which is available only for versions 10 and 11. It’s not the first time hackers are taking advantage of the security flaws in Internet Explorer.

Microsoft Corporation (NASDAQ:MSFT) shares inched up 0.30% to $40.03 in pre-market trading Monday.