A further hole in Microsoft's Internet Explorer has been revealed which could lead to sensitive information being compromised, and no patch has yet been offered.
Microsoft issued a security bulletin after it was revealed that a vulnerability exists in IE 5.5 and 6.0 that may allow hackers to use a modified URL to gain unauthorised access to users' cookies.
The flaw, rated as a high security risk by Microsoft, was discovered by Finnish security firm Online Solutions.
It has sparked a war of words between Microsoft and the security firm, with the software giant accusing the Finnish firm of acting "irresponsibly" by releasing details of the vulnerability before a patch was developed.
For its part, Online Solutions claims it provided adequate notice, and was not taken seriously by Microsoft.
Until a patch is released, system administrators should disable active scripting in their browsers, said Graham Cluley, senior technology consultant at security firm Sophos.
"History shows us that there are malicious people out there who will attempt to exploit this," he said.
Microsoft will be tainted by the volume of security holes associated with its products, but the company has a good history of working with firms to develop patches before vulnerabilities were made public, he added.
"A code of conduct on how to deal with vulnerabilities would help vendors and end-users. Improving the mechanism for delivering patches would also improve security," he said.
Security companies @Stake, BindView, Foundstone, Guardent and Internet Security Systems are to join Microsoft in forming a hacker watchdog group called The Responsible Disclosure Forum.
The forum's aim is to establish guidelines and codes of conduct for releasing information about software vulnerabilities.
Two weeks is a reasonable time period to expect a software vendor to produce a patch or workaround in response to a vulnerability, said John Pescatore, vice-president of information security strategies at analyst firm Gartner.
Additional time should also be allowed for regression testing of patches. "Any vendor that cannot respond in this time frame should not sell software that will be exposed to the internet," he said.