Computer engineers at Internet security firm FrSIRT, who first discovered the hole, rated the problem critical, saying it affects versions 9 and 10 of the media player.
According to security experts at eEye Digital Security, the flaw in the player stems from a buffer overflow error that can occur when Windows Media Player is used to run .asx media files.
After an initial investigation, Microsoft confirmed the security hole, but could not say if hackers had attempted to exploit the breach.
The company said users could eliminate their risk by preventing Internet Explorer from opening .asx files. Microsoft also said users could greatly minimize their risk, but not avoid it altogether, by turning off Active Scripting.
Officials at FrSIRT said upgrading to version 11 of the popular player also would protect users.
Microsoft said it has not determined if it will produce an “out of cycle” security patch to fix the problem, or if it can wait until the next monthly update.