Microsoft is currently investigating the flaw which has previously been used to steal passwords for computer games by mainly Chinese websites.
Now security experts are warning the flaw, if properly exploited, could result in IE users becoming vulnerable to criminals seeking banking passwords.
Around 10,000 computers are estimated to already be affected.
"We are actively investigating the vulnerability that these attacks attempt to exploit," Microsoft said in a statement.
"We will continue to monitor the threat environment and update this advisory if this situation changes."
Microsoft rushes out emergency Windows security fix
Updated Microsoft has released an emergency security update for a broad swath of its users that patches a critical security hole that is already being exploited in the wild.
The vulnerability - which has been subjected to "limited, targeted attacks" - could allow miscreants to create wormable exploits that remotely execute malicious code on vulnerable machines, Microsoft said. No interaction is required from the end user. It was the first patch released outside Microsoft's regular update cycle in 18 months.
8 years ago