The vulnerability disclosed on Monday, affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims’ machines. The victims don’t need to do anything to get infected except visit a Web site that’s been hacked.

The firm urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft’s Web site, while the company works on a “patch” — or software fix — for the problem.