Microsoft has issued a "critical" patch for every supported version of Windows.
The software giant said in its monthly security bulletin as part of its so-called Patch Tuesday that Windows Vista and later, including Windows 10, require patching from a serious remote code execution flaw in Internet Explorer.
Microsoft's Edge browser is unaffected by the flaw.
The patch, MS15-106, addresses a flaw in how Internet Explorer handles objects in memory, the company said in its advisory. If exploited, an attacker could gain access to an affected machine, gaining the same access rights as the logged-in user, such as installing programs, and deleting data.
An attacker would have to "take advantage of compromised websites, and websites that accept or host user-provided content or advertisements," said the advisory. "These websites could contain specially crafted content that could exploit the vulnerabilities."
Windows server systems are also at risk, but its enhanced security mode helps to mitigate the vulnerability.
The software giant acknowledged researchers from FireEye, HP's Zero Day Initiative, Trend Micro, and Verisign, among others, for their work in discovering the flaw.
October's patches will be available through the usual update channels.