The potential flaw affects Windows XP and Windows Server 2003, Microsoft said in a statement. The bug could cause certain applications, including Internet Explorer, to crash after a user is tricked to click on an overly long Web link, security monitoring company Secunia said in an alert.
The flaw might also allow malicious code to run on a vulnerable system, Secunia said. However, that has not been proven, so the issue is so far deemed to be a denial of service, or DoS, problem only, Secunia said. The company deems the issue "less critical," one notch above its lowest possible rating.
Microsoft is investigating the issue, a company representative said in an e-mailed statement. The software maker is not aware of any attacks that attempt to use the flaw, the representative said. Once the investigation is complete, Microsoft may issue a security advisory of a patch, it said.
The Windows issue is one of several reported security issues awaiting a response from Microsoft. One issue the Redmond, Wash., company has said it will address with a security update later this month is. That flaw has already been .