The risk from the flaw could allow hackers to gain control of a victim's computer and Microsoft admitted there had already been "limited, targeted attacks" to exploit it.
Microsoft said the bug affects Internet Explorer (IE) versions 6 to 11 and that the firm is investigating the flaw and will take "appropriate" steps, the 'BBC News' reported.
The US software giant, which issued a security advisory over the weekend, said the steps "may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs".
"The vulnerability crashes Internet Explorer on Windows XP," said Cyber security firm Symantec that carried out tests to confirmed the risk.
More From This Section
According to Microsoft, hackers looking to exploit the flaw could host a "specially crafted website" containing content that can help them do so, the report said.
They could trap users into clicking on a link sent via an email or instant messenger, or by opening an attachment sent through an email.
"If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft warned.
"An attacker could then install programmes; view, change, or delete data; or create new accounts with full user rights," the firm said.
The IE versions account for more than 50 per cent of global browser market, according to NetMarket Share.
Earlier this month, the Heartbleed bug, had set alarm bells ringing across the globe, including in India, for fear of exposing millions of passwords, credit card numbers and other sensitive information to hackers.