Attackers are actively exploiting the flaw, which allows code execution without any user interaction. Security vendor Secunia has given the flaw its most severe security rating of 'extremely critical'.
The flaw can be exploited through a specially crafted webpage. When a user visits the site, the attacker can install and execute malware.
The vulnerability lies within a component of Microsoft's ActiveX software called WMI Object Broker Control. ActiveX is commonly used by Internet Explorer to work with data from other applications such as media players or image viewers.
Microsoft said in a security bulletin that it is investigating the issue. The company has not ruled out issuing a fix outside of its monthly patch schedule if necessary.
Microsoft said that only users who have approved the component through the ActiveX Opt-in feature will be vulnerable to the attack. The company warned users against following unsolicited or suspicious links.
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally