Microsoft is investigating a flaw in Internet Explorer (IE) 5 apparently discovered by people looking at copies of its stolen Windows source code.

Yesterday the company said the vulnerability was a known flaw that was fixed by the latest release of Internet Explorer 6.0 Service Pack 1.

But many web surfers still use Internet Explorer 5.

A spokeswoman for the company confirmed: "Microsoft is currently investigating reports of potential vulnerabilities in IE versions 5, 5.1 and 5.5".

She could not say when a patch for IE 5 would be available.

Security firm Ubizen described the problems with IE 6 as the "thin end of the wedge".

David Williamson, UK head of Ubizen, said in a statement: "While Microsoft took positive steps to protect later IE versions against this vulnerability, this does not negate the security concerns of those operating on version 5."

Companies often work on a scheduled patching regime of every two weeks at the most, but may consider immediate patching or upgrading to a newer version of IE.

However, reactive patching is risky, expensive, disruptive and time consuming, and companies understandably prefer to avoid this approach as it could potentially affect systems, Ubizen said.

"Businesses reliant on Microsoft technology need to be extremely vigilant in this heightened state of alert," added Williamson.