Microsoft have recently announced (26/04/14) a serious security vulnerability in its Internet Explorer web browser. It affects version 6, 7, 8, 9, 10 and 11 of the program meaning that anyone running Windows XP, Vista, 7, 8, or 8.1 could be at risk. In Security Advisory 2963983 Microsoft describe a potential flaw that within Internet Explorer whereby a hacker could remotely execute code on a victim system and be able to create or take over a user account with the same permissions as the victim.
Quote from Microsoft Security Advisory Site:
The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
As Internet Explorer is the preferred web browser for approximately 25% of worldwide web users and this flaw spans across multiple versions of the popular browser it is essential for anyone using Internet Explorer to be extra vigilant, ensure they have a good, up to date Internet Security Package installed, and make sure they have all the latest Windows Updates installed. You can always try using an alternative Web Browser such as Google Chrome or Mozilla Firefox while this issue is being fixed by Microsoft.
As of yet there is no patch/update for this vulnerability, but Microsoft says it is investigating the flaw and undoubtedly will have a fix out shortly.