The world's largest software company, which said hackers targeting Google and at least 20 other companies in China exploited a weakness in its browser, said its new patch was critical and people should apply it as soon as possible.
Other hackers have begun to exploit the flaw, according to researchers with Symantec Corp, the world's biggest security software maker.
Symantec has found viruses that take advantage of the weakness in Microsoft's browser on some 100 websites, security researcher John Harrison said on Thursday.
They are dangerous because they can infect the PC of any user who visits those sites. Unlike less powerful viruses, it is not necessary for people to download software for their machines to become infected, Harrison said.
PCs are safe if they apply the patch, which resolves eight vulnerabilities in Internet Explorer, Microsoft said. The most serious could allow hackers to gain control of a computer remotely via Web sites people visit while using the browser.
We're always working, we have fewer vulnerabilities
than our competitors, said Microsoft Chief Executive Steve Ballmer at an energy conference in Houston, addressing cyber-security concerns.
He gave no indication that Microsoft would change its business in China after Google threatened to quit the country last week. We respect the laws of China, it's the only appropriate thing for us to do, he said.
The viruses Symantec has found only successfully attack Internet Explorer 6, though hackers could figure out how to break through the defenses of Internet Explorer 7 and 8, the most recent version of the software, Symantec's Harrison said.
Most Internet Explorer customers, who have automatic updating enabled on their systems, will not need to take any action on the security patch, Microsoft said. For manual updating, it directed users to its website (http://www.update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=en&&thankspage=5).
(Reporting by Bill Rigby, Jim Finkle and Anna Driver; Editing by Richard Chang and Robert MacMillan)