The vulnerability could enable an intruder to gain control over a user's system, according to an e-mail Microsoft said it issued yesterday (21 August) to potential users of its File Transfer Manager.
A Microsoft spokesman said the company believes no more than a "few thousand users" are now at risk. Figures show the "vast majority" of users have downloaded the 4.0 version of the File Transfer Manager that has been available since June and is not considered vulnerable.
"We believe that no more than about 50,000 users were ever exposed to the vulnerable control. Of that 50,000, there's reason to be believe that the vast majority had already upgraded," the company said.
Despite this, Microsoft urged all users of its developer network and beta and volume licensing programs to determine if the File Transfer Manager is installed on their systems.
If it is, those users are advised to either upgrade to the latest 4.0 version of the File Transfer Manager or remove the vulnerable version by following step-by-step instructions that can be found online.
Read more on Business applications
Microsoft has confirmed that attackers have exploited a vulnerability in the firm's Internet Information Services (IIS) software.