Cyber-thieves are "actively exploiting" the vulnerability by combining it with a separate flaw found in the Chrome browser, due to this, Google has issued an update for its Chrome web browser to close the loophole. Microsoft has said it is also working on a fix for the problem in Windows 7.
The Windows flaw exists in core elements of the operating system that are supposed to stop data in one program interacting with anything outside that application. Google said it had seen evidence that criminal hackers had found a way to make attack code jump from Chrome into other applications to help them compromise a machine.
A patch has been produced for Chrome and users should ensure that they have updated their browser to close the loophole, said Google engineer Justin Schuh. "Seriously, update your Chrome installs... like right this minute," he tweeted.
The serious nature of the flaw in Chrome meant the software had to be shut down and re-started for the patch to take effect, he added. Microsoft has not given a date for when its patch for Windows 7 will be released, but said it would be "as soon as possible". Millions of machines still run Windows 7 despite it being almost 10 years old.
- One way to avoid falling victim is to upgrade to Windows 10