Microsoft Confirms IE Security Flaw

The Redmond, Wash., software maker said in a security advisory published Thursday that it was investigating the reported vulnerability and would take "the appropriate action," which could include a patch.

In the meantime, Microsoft has recommended that IE's Internet and local intranet security zone settings be placed at "high," which means the PC user will be prompted before the machine runs ActiveX controls in these zones.

An attacker could exploit the flaw by creating a malicious web page and luring a person to visit the page. The attacker could take control of a PC by running script code on the local system. The problem affects all supported versions of IE.

Microsoft had not received any reports of computers being compromised.