The affected products include Windows operating system versions Vista and Server 2008 and Office 2003-2010 and Lync, Slash Gear reported.
A link could be sent via email or the Internet to unsuspecting users, attempting to convince them to click it to view a Web page or Word document that, when opened, would allow hackers to seize administrative control of a user's machine, Microsoft said.
As a temporary workaround, Microsoft is advising users customers to run the Microsoft Fix it solution entitled "Disable the TIFF Codec" and apply the "Enhanced Mitigation Experience Toolkit."
A security update to be release either in the monthly update cycle or as an off-cycle emergency patch is being worked on, Microsoft said.
Most of its other operating system versions and software products are not affected by the vulnerability, it said.