Security researchers have reported a high-risk flaw in Microsoft's Outlook and Internet Explorer.
The hole could allow malicious code to be executed with minimal user interaction, according to security firm eEye Digital Security. The company claims to have notified Microsoft about the flaw on 5 May.
A spokeswoman for Microsoft confirmed that the company has been notified, and is investigating the issue.
"At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue," she said.
The defect affects systems running Windows NT, 2000, XP and at least some versions of Windows 2003.
EEye notified Microsoft about two other flaws in Internet Explorer and Outlook on 16 March and 29 March, but the software giant has yet to release a patch for the problems.
Microsoft usually releases patches on a monthly basis to allow systems administrators to plan for the fixes, although an out-of-cycle patch can be issued in emergencies.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago