Microsoft is investigating a possible unpatched flaw in its Office software suite that could allow hackers to remotely access users' systems, a spokeswoman said Wednesday.
The vulnerability was detailed Tuesday in an advisory labeled "highly critical" from IT security firm Secunia. It is not one of the eight vulnerabilities that Microsoft disclosed as part of its monthly security bulletin, also released Tuesday.
The unpatched flaw exists in Microsoft's Jet Database Engine, which can be exploited to execute arbitrary code by tricking users into opening a specially designed ".mdb" file in Microsoft Access, according to the Secunia advisory. Exploit code for the vulnerability has already been posted to a public mailing list, the security company warned.
Microsoft criticized disclosure of the vulnerability, saying that the commonly accepted practice is to report a threat to the vendor first so a patch can be developed if necessary before the exploit code gets distributed.
Secunia said the flaw was first reported by security firm HexView. HexView said it notified Microsoft of the vulnerability on March 30 and received no response. The software vendor declined to comment on the notification claim.