"We're currently developing a security update for Windows that will address the vulnerability," promised Bryant, who did not set a timetable for a patch. In lieu of a fix, users can disable Aero to protect their machines.

Attackers could exploit the vulnerability by tricking users into visiting a malicious site that hosts a rigged image file, .

But an attack may require more than that seemingly simple tactic, said Andrew Storms, director of security operations at nCircle Security. "I believe what Microsoft is saying [in the advisory] is that the image viewers from Microsoft won't trigger the vulnerability, but third-party applications may."

To disable Aero, users can click Start, select Control Panel, then click on "Appearance and Personalization," Microsoft said in the advisory. Under "Presentation," users would then click "Change the Theme" and then select one of the "Basic and High Contrast Themes."

Today's advisory is not the only vulnerability not yet patched by Microsoft. A was acknowledged by the company late last month, but remains unfixed.