Microsoft had not fixed a flaw in older versions of Internet Explorer that leaves users vulnerable to hackers, despite being informed of the issue six months ago. The flaw allows remote attackers to execute arbitrary code on vulnerable versions of IE such as version 8. While IE has since been replaced, it still accounts for around 20% of internet traffic. The researcher first disclosed the flaw to Microsoft in November but heard no indication it would be fixed before details were made public.