Microsoft has released an emergency update for its Internet Explorer browser to fix a bug that cyber-thieves are known to be exploiting.
The bug could let attackers hijack a web browser and use their access to install malware, it warned.
Attackers are believed to have built booby-trapped webpages harbouring malicious code that infects visitors.
In a description of the problem, Microsoft said versions nine to 11 were vulnerable.
Anyone regularly using Internet Explorer is being urged to download and apply the patch.
Typically, Microsoft releases patches for software bugs in its monthly update.
However, the severity of the problem and the fact that it was being abused led it to issue a rare emergency patch.
Statistics suggest just over 8% of people are still using Internet Explorer.
Use of the browser has declined as Microsoft has sought to push people to use its Edge net software.
The software problem was discovered by Google engineer Clement Lecigne who works on its threat analysis team.