Microsoft has warned of a flaw in ActiveX that allows an attacker to run malicious code on a victim's computer.
The vulnerability involves a feature called Outlook View Control that allows a user to view mail or calendar information through the web. The flaw affects Outlook 98, 2000 and 2002.
Microsoft has issued a security bulletin recommending that customers ensure they have installed the Outlook email security update, and should temporarily disable ActiveX controls in the Internet Explorer Internet Zone.
Microsoft security program manager Scott Culp said: "Users will need to reconfigure their systems twice to correct the problem, once before the patch and then once again after the patch is issued."
Culp said Microsoft received the report on Monday and confirmed it existed on Wednesday.
"It isn't possible to throw a patch together overnight. The designs have to be right and there are multiple versions for each platform, which takes time," he said.
Although Culp said Microsoft had not received any reports from customers, "malicious users always exploit vulnerabilities and from past experience, that makes it more likely the bad guys will exploit this".
Microsoft is driving ahead with the patch but no date has yet been set. "We will then re-release the security bulletin with the patch," Culp said.
Giga Information analyst Rob Enderle advised that users should contact their vendors to make sure they will fix the problem.
"With the ActiveX controls in jeopardy, it could be a potentially serious problem," Enderle said.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago