Although the pop-ups could be used by attackers, overlaying multiple windows in a Web browser is a feature, not a vulnerability, according to an advisory posted Tuesday on Microsoft's TechNet Web site.
"This is an example of how current standard Web browser functionality could be used in phishing attempts," Microsoft said in the advisory.
is a prevalent type of online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers. The schemes typically combine spam e-mail and fraudulent Web pages that look like legitimate sites.
Earlier this week, security monitoring company Secunia warned of the browser problem and rated it "less critical." The issue affects most major browsers, Secunia said.
Firefox developers at the Mozilla Foundation have been making moves to combat this kind of attack. In April, a patch was developed that allows people to block Java and Flash-based pop-ups unless they came from trusted sites.
Opera has said that its latest browser, 8.01, would display the pop-up's origin, letting a user inspect its URL to see if it came from a trusted site.
Graeme Wearden of ZDNet UK contributed to this report.