A critical security vulnerability has been found in Internet Explorer (IE). By exploiting this leak, criminals can remotely execute code on the system and even access it. The leak is already being abused, but a patch is still pending.

The security leak is located in the scripting engine of Internet Explorer 9, 10 and 11. It concerns the way the browser handles objects in memory. This version of Internet Explorer is hardly used by consumers, but in the business world the browser is still used in some places.

Microsoft has taken a number of steps with commands on its website to explain how the security leak can be fixed temporarily. The final patch will follow on February 11th, during the regular Patch Tuesday. Microsoft is not planning to release the patch any earlier.

In the United States Homeland Security has warned people and companies about this vulnerability. The advice is to stop using Internet Explorer and switch to a modern browser. For example, users could choose Microsoft (Chromium) Edge, Chrome or Firefox.