The move came just 24 hours after the upgrade was released when a security expert demonstrated that the vulnerability was more serious than Microsoft first thought. Microsoft issued a workaround for businesses to enable users to disable the Outlook Today page on their client e-mail systems,.
The "critical" classification means Microsoft now believes that the security hole "could allow the propagation of an internet worm without user action".
The reclassification will embarrass Microsoft, which has been criticised for its move to issue monthly security patches.
Jouko Pynnonen, who discovered the serious nature of the threat and brought it to Microsoft's attention, told Computer Weekly, "After seeing Microsoft's bulletin I started investigating this restriction and found a way that an attacker could work around it. I notified Microsoft about this possibility, and they reclassified the issue as critical."
Richard Brain, technical director at security systems company ProCheckUp, said, "Threats being reclassified are not new but there is a certain degree of embarrassment for Microsoft here, as the retesting to discover the wider threat does not seem to have been done initially by their own people.
"It may be time for Microsoft to completely rewrite its Outlook system as the original code is now very old, going back to times when internet threats were not as widespread."
Microsoft is encouraging users to download and install Office XP Service Pack 3 or the security update as quickly as possible.