Until a fix is available from Microsoft, users should consider changing the configuration of Internet Explorer to turn off or prompt before allowing Active Scripting to run, Sophos said in its advisory.

Meanwhile, a separate security advisory came from database security vendor Imperva Inc., which warned users of a vulnerability it discovered in Microsoft's SQL Sever 2000 database that allows potential attackers to mask their log-in names from the software's audit tools.

Users who take advantage of the flaw could gain access to a vulnerable database and take any action they want without fear of their actions being audited, Imperva CEO Shlomo Kramer said.

Microsoft issued an advisory informing users of the problem on Wednesday in which it tells users how to detect the problem and work around it.