Users of all the current versions of Microsoft Internet Explorer browser could be defenseless to computer hijacking due of a serious security risk that had yet to be fixed. The flaw allows criminals to hijack victims’ computers simply by tricking them into going to websites that are filled with malicious programming code. As many as 10,000 sites have already been taken over.

The websites are largely Chinese and have been serving applications that steal passwords for computer games, which can be sold for money on the black market. However, the bug is such that it could be used by more financially motivated criminals and would cause more serious harm. “Zero-day” vulnerabilities such as this one are ideal for criminals because computer owners have few ways of fighting off the attacks.

The latest bug is significant since Explorer is the default browser for about 70% of the world’s computers. Additionally, while Microsoft stated it has detected attacks only against version 7 of Internet Explorer, which is the most commmon edition, the company warned that other versions could also be vulnerable. Microsoft said it is researching the flaw and is deliberating  to fix it using an emergency software patch outside of its regular monthly updates. The company for now is informing users to use a series of complex workarounds to reduce the threat. Most security experts, in the meantime, are advocating Internet Explorer users to switch to another browser until a patch is offered.