The affected products include Windows operating system versions Vista and Server 2008 and Office 2003-2010 and Lync, Slash Gear reported.
A link could be sent via email or the Internet to unsuspecting users, attempting to convince them to click it to view a Web page or Word document that, when opened, would allow hackers to seize administrative control of a user's machine, Microsoft said.
As a temporary workaround, Microsoft is advising users customers to run the Microsoft Fix it solution entitled "Disable the TIFF Codec" and apply the "Enhanced Mitigation Experience Toolkit."
A security update to be release either in the monthly update cycle or as an off-cycle emergency patch is being worked on, Microsoft said.
Most of its other operating system versions and software products are not affected by the vulnerability, it said.
Senate Democrats to pull all-nighter on climate change
Dennis Rodman pledges to end trips to North Korea