Trend Micro has warned that attackers are exploiting a new bug in Internet Explorer 7 which was patched by Microsoft last week.
The patch which was marked as critical was pushed out using Windows Update last Tuesday, but there are still millions of unpatched versions out there.
The exploit allows remote attakers the ability to install spyware on vulnerable systems.
Users and system administrators are urged to make sure they install all critical patches from Microsoft.