Microsoft has released a temporary software fix for a newly discovered bug in its Internet Explorer web browser.
The problem, which affects hundreds of millions of IE browser users, is being used by attackers to install the Poison Ivy trojan.
This piece of malware is used to steal data or take remote control of PCs.
Microsoft moved quickly to address the issue. In a blog post, external, it said that it was "working to develop a security update".
So-called zero-day, or newly discovered, vulnerabilities are rare. According to security firm Symantec, only eight such bugs were spotted in 2011.
Symantec research manager Liam O Murchu said they were dangerous to users because they were new.
"Any time you see a zero-day like this, it is concerning.
"There are no patches available. It is very difficult for people to protect themselves."