Microsoft has confirmed it is working on a fix for a critical vulnerability in its Internet Explorer 8 web browser, following the flaw's public disclosure by researchers at the Zero Day Initiative (ZDI).

The flaw came to light after the researcher who found it revealed Microsoft had not patched the problem within 180 days of being informed, thereby allowing ZDI to make information public under its own guidelines.

Despite the lengthy wait for a fix, a Microsoft spokesperson told V3 the company is aware of the flaw and is working to fix it, but added it is yet to uncover any evidence it is being actively exploited.

"We are aware of a publicly disclosed issue involving Internet Explorer 8 and have not detected incidents affecting our customers. We build and thoroughly test every security fix as quickly as possible," said the spokesperson.

"Some fixes are more complex than others, and we must test every one against a huge number of programs, applications and different configurations. We continue working to address this issue and will release a security update when ready in order to help protect customers."

The vulnerability was disclosed by the ZDI earlier this week and could theoretically be exploited by hackers to infect machines running the web browser with malware. The researchers claim they privately reported the bug to Microsoft on 10 November 2013.

Microsoft added that while the company is going to fix the bug, to remain truly secure users should upgrade to a newer version of Windows and IE.

"We encourage customers to upgrade to a modern operating system, such as Windows 7 or 8.1, and run the latest version of Internet Explorer which includes further protections," said the spokesperson.

V3.co.uk