The company said it had only very recently become aware of the issue and said at this stage the risk to users was “limited” because the malicious code was not in wide circulation.
“At this time, we are aware only of targeted attacks that attempt to use this vulnerability,” the company said in a scheduled Security Advisory said.
The company has not decided whether to issue a patch for the vulnerability.
“Microsoft is investigating the public reports and customer impact. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”
Meanwhile, Microsoft has continued to fill its most senior executive ranks with new blood from outside of the company announcing the appointment of a senior Disney executive as Microsoft chief information officer.
Tony Scott, who was a senior vice-president and CIO at Disney, will take charge of the Microsoft 4,000-person global information technology organisation that manages critical technology systems supporting the company’s worldwide sales, marketing and services efforts, as well as enterprise systems and applications for all corporate processes.
Mr Scott will officially assume the new role at Microsoft in February and report to Microsoft chief operating officer Kevin Turner.
For more IT Security news, click here.
