U.S.-based research firm Core Security Technologies has discovered further vulnerabilities in Microsoft's Internet Explorer that it claims could allow hackers to remotely access data on a user's PC.
The discovery was made just a day after Microsoft launched a patch to fix a critical security hole that resulted in major cyber attacks on companies such as Google.
Core Security Technologies, based out of Boston, claims the vulnerability was first discovered some two years ago. Yet, despite two interim patches by Microsoft, the research firm claims it is still possible to exploit the flaw in three or four ways.
Jorge Luis Alvarez Medina, a Core Security Technologies consultant who has been working with Microsoft to try and resolve the problem, has stated that the vulnerability will be demonstrated at the Black Hat security conference in Washington on February 2nd.
Whether or not Microsoft will release another out-of-band security update to fix the flaw remains unknown, but the software giant has publicly acknowledged the problem.
"Microsoft is investigating a responsibly disclosed vulnerability in Internet Explorer. We're currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe customers are at reduced risk due to responsible disclosure. Once we’re done investigating, we will take appropriate action to help protect customers," said the company in a statement.
Although the latest vulnerability is said to affect all versions of Internet Explorer, Microsoft recommends that users upgrade to the latest version, Internet Explorer 8 in order to "enable automatic installation of all applicable updates this month and help to make customer systems more secure".
