“Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn’t fixed yet,” Jordan Robertson reports for The Associated Press.

“The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software,” Robertson reports.

“It can allow hackers to remotely take control of victims’ machines,” Robertson reports. “The victims don’t need to do anything to get infected except visit a Web site that’s been hacked.”

Robertson reports, “Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.”

Robertson reports, “Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the Redmond, Wash.-based company does issue security reminders at other times, it’s because the vulnerabilities are very serious. A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm.”

Full article here.

MacDailyNews Take: The all-too-real Microsoft Tax strikes again.

[Thanks to MacDailyNews Readers “Tom,” “David,” and “Scott” for the heads up.]