The flaw, known as a zero-day vulnerability, is viewed as "extremely critical" by one security research firm.
Microsoft said that while it knows of proof-of-concept code published publicly, any exploit would cause only "limited attacks." The software maker also released a security advisory suggesting ways users could avoid the flaw.
The vulnerability, part of the WMI Object Broker ActiveX control found in the WmiScriptUtils.dll file, could allow attackers to gain administrator access. Users would need to visit Web sites that include the exploit, according to Microsoft.
Microsoft said it would wait until its investigation ends before deciding whether to issue a fix before its regular patch session.
Danish security firm Secunia rated the flaw "critical" and said on its Web site that it is already being actively exploited.