Microsoft Corp. was working Friday to come up with a fix for a flaw in its Internet Explorer browser that could let hackers gain remote access to computer systems through malicious Web sites.
A patch was not immediately available, though some security experts played down the risk.
“If the user doesn’t browse a malicious Web site, then the user isn’t even under attack,” said Gerhard Eschelbeck, chief technology officer at Qualys Inc., a security company based in Redwood Shores, Calif.
The vulnerability is a problem in the way Internet Explorer handles certain pieces of data that are optional components in various programs.
The Redmond, Wash.-based software maker said it knew of no customers who had been attacked. (MSNBC is a Microsoft - NBC joint venture.)
The company issued a security advisory Thursday urging Internet users to be careful about opening up Web links in e-mails and said it would release a security update once it had completed its investigation.
The advisory came after a team of French security experts published a “proof-of-concept exploit” showing how hackers could take advantage of the vulnerability.
Without referring to the exploit specifically, Microsoft said the flaw “was not disclosed responsibily, potentially putting computer users at risk.”
The disclosure comes just days after a series of computer worms, programmed to take advantage of a flaw in Microsoft’s Windows operating system, caused delays in operations at big companies and government offices.