The browser vulnerabilities were first made public a 20-year-old security researcher who says he first notified Microsoft about the issues 10 months ago.

The vulnerability is exploited by visiting a malicious web page or opening a malicious Microsoft Word document rendered with Internet Explorer.

The flaw could affect all users running vulnerable software — which includes anyone using the bundled browser in Windows 7, Windows 8.1, and Windows 10.

Microsoft issued a patch Tuesday to close a zero-day exploit in all supported versions of Internet Explorer.