Microsoft under pressure to fix critical flaw in Windows program

Microsoft hopes to have a patch ready next week to fix a critical flaw found in its Windows program that could leave computers vulnerable to a virus.

The software giant said in a statement it had "completed development of a security update to fix the vulnerability" that it discovered last week. The update is being finalised and the company hopes to release it on January 10th.

Microsoft added it has been monitoring any attempts to attack the vulnerability in Windows. "Although the issue is serious and the attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks is limited," it said.

Mikko Hypponen, chief research officer at F-Secure, an antivirus company, said the potential security threat was "huge". "It's probably bigger than for any other vulnerability we've seen. Any version of Windows is vulnerable right now."

He said that every Windows system shipped since 1990 contained the flaw.

The flaw in the system lets computers come under attack if users visit harmful websites or open e-mail attachments.

Until the patch is released, Microsoft said computer users should be careful not to visit unfamiliar websites.

Some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer.

Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work.

"We've received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable," wrote Tom Liston, a researcher at the Internet Storm Center, the SANS Institute's internet threat-monitoring group. Both ISC and F-Secure have endorsed the unofficial fix.

In its security bulletin, Microsoft made a general recommendation against unofficial patches, saying it was "best practice to utilise security updates for software vulnerabilities from the original vendor of the software".

The company has scrambled to come up with a fix for the previously unknown flaw, which left computer users vulnerable to spyware, viruses and other programs that could take over their machines.

Mike Reavey, operations manager for Microsoft's Security Response Center, called the flaw "a very serious issue".

Security researchers revealed the flaw on Tuesday and posted instructions online that showed how would-be attackers could exploit the flaw. Within hours, computer virus and spyware authors were using the flaw to distribute malicious programs that could allow them to take over and remotely control afflicted computers.

Unlike many previously revealed vulnerabilities, this one requires no action from the user: computers can be infected simply by visiting one of the malicious websites, or by viewing a booby-trapped image in an e-mail through the preview pane in older versions of Microsoft Outlook, even if the user does not click on anything or open any files. Operating system versions ranging from the current Windows XP back to Windows 98 are affected.

An estimated 90 per cent of personal computers run Microsoft Windows operating systems. Microsoft has found itself under attack on several occasions and has been forced to issue a number of patches to keep computers running Windows safe.

Mac and Linux computer users are not at risk from this attack, even if their computers run Microsoft programs such as Office or the Internet Explorer Web browser.

Mr Reavey encouraged users to update their anti-virus software, ensure all Windows security patches are installed, avoid visiting unfamiliar websites, and refrain from clicking on links that arrive via e-mail.

Dean Turner, a senior manager at anti-virus firm Symantec, said the company had seen the vulnerability exploited to install software that intercepts personal and financial information when users of infected computers enter the data at certain banking or e-commerce sites.