The problem relates to the use of help keys, particularly F1, and affects Windows 2000 and Windows XP by default, and to a lesser extent Windows 2003 Server.
Microsoft said that its internal investigations had revealed that Windows 7, Windows Server 2008 and Windows Vista are not affected.
"With this issue, it is possible for a malicious web page to display a dialogue box which will trigger the execution of arbitrary code when the user presses the F1 key," the advisory said.
"The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key. Platforms are affected regardless of the Internet Explorer version installed.
"Though user interaction is required, the F1 keyboard shortcut does enable an attack scenario. In the exploit, a file path enables a .HLP file to be loaded from the local file system, SMB or WebDav."
Microsoft advised users to avoid pressing F1 on dialogue boxes presented from web pages or other internet content.
"If a dialogue box appears repeatedly in an attempt to convince the user to press F1, users may log off the system or use Task Manager to kill the Internet Explorer process," said the company in a security research note.
Users can also set Internet Explorer to show a prompt before running any Active X controls or scripting, which Microsoft said will not affect general browsing.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago