The bug potentially affects every user of the Internet Explorer web browser – around 900 million people worldwide.
In a security advisory, Microsoft warned of a loophole that could be used by malicious hackers to steal private information or hijack computers.
Microsoft has issued a software patch to defend against attacks, and said it was working to develop a long-term fix.
Microsoft admitted that the problem meant users could easily be fooled into downloading malicious files by doing something as simple as clicking on a web link.
“When the user clicked that link, the malicious script would run on the user’s computer for the rest of the current Internet Explorer session,” wrote Microsoft representative Angela Gunn in a website announcement accompanying the advisory.
Once the computer had been hijacked, hackers could use it to steal personal data or send users to fake websites, she added.
The details are in Microsoft Security Advisory 2501696.
The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim’s Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.
All Windows users – particularly those who use Internet Explorer – are being urged to download the fix while the company’s security team develop a way to plug the hole permanently.
For a faster browser experience, why not spend some time playing with Google Chrome?