The flaw is actually related to MSN Chat, a service found on Web sites run by Microsoft's MSN Internet division that allows groups of online users to type instant messages to each other in virtual rooms, Microsoft said.

Such chats are enabled by software called the MSN Chat Control, which can be installed on its own but is also bundled with versions 4.5 and 4.6 of MSN Messenger and the corporate-oriented Exchange Instant Messenger, Microsoft said.

The Redmond, Washington-based company is offering patches for the flaw through a link on its Web site at .

Microsoft said MSN Messenger and Exchange Messenger, which let users chat one-on-one rather than in "rooms", were not affected since they did not actually use the Chat Control software.

MSN Chat was susceptible to a so-called buffer overflow, in which an attacker sends more data to a target computer than can be appropriately handled. The overflow is then run inside the computer as code that can be controlled by the attacker.

"Such a program could take any action that the system's owner could take, such as adding, changing or deleting any data or configuration information," Microsoft said in a notice on its Web site detailing the flaw.

A user's computer could be vulnerable even they do not use the chat feature, because hackers could exploit the flaw through the Internet Explorer Web browser, according to eEye Digital Security, the company that called the flaw to Microsoft's attention.

Malicious e-mails could also use the flaw, eEye said in a notice on its Web site, at .

However, Microsoft said customers who had installed a recent e-mail security update to Outlook 98, 2000, 2002, or Outlook Express software, would be safe from e-mail attack.

Microsoft has said it is making security its top priority as it moves to quell criticism that its software is far too vulnerable to hackers and viruses. Security is also becoming more important as the company rolls out Web-based services that will constantly tap the Internet.