The advisory deemed as critical a vulnerability in the way Microsoft's browser opens external documents, but about which the software giant would say little for the past two months.

"We have said that the issue is under investigation," said a representative for the software giant.

The software flaw took Microsoft by surprise when a 31-year-old Austin, Texas-based security researcher using the handle "ThePull" posted details of the problem to a security mailing list.

The collection of software fixes, known as a cumulative patch, also fixes two flaws in the way Internet Explorer handles HTML, opens files, and executes certain scripts.

Users are urged to download the latest patch.

Larholm, along with British Web developer Tom Gilder, outlined the security slip-ups on their Web site, including the fact that Microsoft posted a set of fixes for the problem last Thursday, but took it down not two hours later.