Attackers are actively exploiting the flaw, which allows code execution without any user interaction. Security vendor Secunia has given the flaw its most severe security rating of 'extremely critical'.
The flaw can be exploited through a specially crafted webpage. When a user visits the site, the attacker can install and execute malware.
The vulnerability lies within a component of Microsoft's ActiveX software called WMI Object Broker Control. ActiveX is commonly used by Internet Explorer to work with data from other applications such as media players or image viewers.
Microsoft said in a security bulletin that it is investigating the issue. The company has not ruled out issuing a fix outside of its monthly patch schedule if necessary.
Microsoft said that only users who have approved the component through the ActiveX Opt-in feature will be vulnerable to the attack. The company warned users against following unsolicited or suspicious links.
Electronics and computer chain the latest high street retailer to fall into difficulties
Incisive Media and Investec Asset Management supported fundraiser crosses Atlantic in 40 days
Alphabet's health sciences division Verily have been messing with AI algorithms
North Korea's cyber attack capabilities are expanding fast - and turning their fire on a wider range of targets