Security company GreyMagic Software stated that the patch, released on Thursday, only fixed version 6.0 of Internet Explorer. Users on version 5.0 and 5.5 were still exposed to potential hacking attacks
Another security expert, Thor Larholm, went further, suggesting that Microsoft had misunderstood the nature of the problem.
The patch was intended to correct a number of security issues in Internet Explorer 5.01, Internet Explorer 5.5 and Internet Explorer 6.0 including a fix that closed a vulnerability in one of Internet Explorer's local HTML (Hypertext Markup Language) resources.
According to Microsoft, the flaw could only be exploited when a user clicks on an HTML (Hyptertext Markup Language) link on a Web page or in an e-mail message.
But on his security Web site, Larholm claimed, "A successful attack requires that a user first click on a hyperlink. There is no way to automate an attack using this vulnerability."
He added that Microsoft appeared to have misunderstood a number of issues surrounding this vulnerability.
"Microsoft is aware of the issues and is investigating the reports," a Microsoft spokesman said. Microsoft maintained that the patch does what the company said, but it was also investigating the researchers' claims, the spokesman explained.
This is not the first time that a Microsoft patch has caused problems for users. Another IE patch, released in February, caused the browser to crash.