Cybersecurity software maker FireEye said a sophisticated group of hackers had been exploiting the bug in a campaign dubbed "Operation Clandestine Fox".

FireEye, whose Mandiant division helps companies respond to cyberattacks, declined to name specific victims or identify the group of hackers, saying that an investigation into the matter was still active.

"It's a campaign of targeted attacks seemingly against US-based firms, currently tied to defence and financial sectors," FireEye spokesman Vitor De Souza said. "It's unclear what the motives of this attack group are, at this point."

Microsoft said the vulnerability could allow a hacker to take complete control of an affected system and then do things such as view, change, or delete data, install malicious programs, or create accounts that give the hacker full user rights.

FireEye and Microsoft had not provided much information about the security flaw or the approach that hackers could use to figure out how to exploit it, said Aviv Raff, chief technology officer of cybersecurity firm Seculert.

Yet other groups of hackers were now racing to learn more about it so they could launch similar attacks before Microsoft prepared a security update, Raff said. "Microsoft should move fast," he said. "This will snowball."

The software maker said it advised Windows XP users to upgrade to one of its two most recent versions of its operating system, Windows 7 or 8.

Computers in Hong Kong had yet to be compromised, according to the Hong Kong Computer Emergency Response Team Co-ordination Centre. A senior consultant at the centre, Mr Leung Siu-cheong, said computer users and companies should be on high alert. He added computer users should take note of the "workarounds" on Microsoft's website.

"The quickest way to avoid the risk in the meantime is to use other browsers with the latest patches installed," he said.