"Our investigation is underway," said Angela Gunn of Microsoft's Trustworthy Computing team in a blog post Tuesday.
Until a patch is ready, Gunn urged customers to run the free "Fixit" tool Microsoft made to block attacks aimed at IE users.
Google, whose security team uncovered the attacks, and along with a Chinese security company, reported the bug to rival Microsoft, reiterated Gunn's advice in a blog post of its own Tuesday. It also offered a bit more information than Microsoft.
"These attacks are being distributed both via malicious Web pages intended for Internet Explorer users and through Office documents," said Andrew Lyons, a Google security engineer.
Microsoft did not set a delivery date for a patch, but Miller said he wouldn't be surprised if the company went "out-of-band" and released an emergency update for Windows and Office before July 10, the next scheduled Patch Tuesday.
June's seven security updates can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through WSUS.
metatag data Patch Tuesday, Microsoft, Windows, Internet Explorer, IE, Windows 8 Consumer Preview, Gregg Keizer, Andrew Storms, cyberwarfare, Stuxnet, Duqu, Wolfgang Kandek, Jason Miller, Google, Chrome, Office, zero-day, out-of-band, worm, RDP,
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is email@example.com.
Read more about Windows in Computerworld's Windows Topic Center.