Microsoft has warned of a flaw in ActiveX that allows an attacker to run malicious code on a victim's computer.
The vulnerability involves a feature called Outlook View Control that allows a user to view mail or calendar information through the web. The flaw affects Outlook 98, 2000 and 2002.
Microsoft has issued a security bulletin recommending that customers ensure they have installed the Outlook email security update, and should temporarily disable ActiveX controls in the Internet Explorer Internet Zone.
Microsoft security program manager Scott Culp said: "Users will need to reconfigure their systems twice to correct the problem, once before the patch and then once again after the patch is issued."
Culp said Microsoft received the report on Monday and confirmed it existed on Wednesday.
"It isn't possible to throw a patch together overnight. The designs have to be right and there are multiple versions for each platform, which takes time," he said.
Although Culp said Microsoft had not received any reports from customers, "malicious users always exploit vulnerabilities and from past experience, that makes it more likely the bad guys will exploit this".
Microsoft is driving ahead with the patch but no date has yet been set. "We will then re-release the security bulletin with the patch," Culp said.
Giga Information analyst Rob Enderle advised that users should contact their vendors to make sure they will fix the problem.
"With the ActiveX controls in jeopardy, it could be a potentially serious problem," Enderle said.
Connexin drops out of Ofcom auction due to start next week
SwiftKey users now send two billion emoji every week
Recruitment plans are 'most ambitious ever', claims Openreach HR director Kevin Brady
Samsung's under-the-hood improvements separate the S9 from the pack when it comes to the display