Users may have to wait another week for Microsoft to finish fixing a serious bug in the Windows operating system. Discovered on 27 December, the bug lets attackers hijack PCs when users visit booby-trapped websites or open e-mail attachments loaded with exploit code.
Microsoft said it hoped to have its fix for the bug available by 10 January.
However, malicious hackers have already exploited the bug and others are likely to follow as tools appear to help them craft even more attacks.
Tool time
Although malicious hackers will have had at least two weeks to exploit the so-called Windows Meta File (WMF) bug, Microsoft played down the seriousness of the security problem.
In a statement it said it had been "monitoring" attempts to exploit the bug.
"Although the issue is serious and the attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks is limited," the software giant said.
But security researchers continued to release warnings about the severity of the problem.
"This one is particularly nasty because it allows people to take control of your computer from over the internet," said Rob Helm, research director at US analysts Directions on Microsoft.
The problem is caused by the way that many versions of Windows treat graphics. A properly crafted file can exploit shortcomings in this system to take over a PC.
Vulnerable versions of Windows include ME, 2000, XP and Server 2003.
So far security companies have found many different exploits for the bug. Some attackers are using e-mail to spread infected attachments but many thousands of websites have been created which use the loophole to install spyware and trojans that take control of a computer.
At the same time a toolkit began circulating that helped malicious hackers craft variants of attacks that exploit the WMF vulnerability.
Users were urged to install an unofficial patch for the WMF bug produced by expert Windows programmer Ilfak Guilfanov.
Anti-virus firms also urged Windows users to keep digital defences up to date to avoid falling victim to the bug. Microsoft said users should avoid visiting unfamiliar websites to avoid infection.