Microsoft has released a one-off update that repairs an actively exploited
vulnerability in the Vector Markup Language component of Windows.
The flaw could allow an attacker to take control of a system through a
specially crafted website, or by sending out spam email messages.
Microsoft originally planned to release the patch on 10 October, as part of
its monthly patch release cycle. The vendor issues 'out-of-band' updates in rare
cases if it helps to halt active attacks.
The VML vulnerability surfaced last week when a small group of websites in
Russia started exploiting the unpatched vulnerability.
The abuse of the vulnerability became widespread over the weekend after the
exploit was included in a malware toolkit known as 'WebAttacker'.
Users who have applied a third-party workaround need to undo those changes
before the patch can be applied.
Security experts recommend that users apply the patch as soon as possible.
The update can be obtained through the built-in auto-update feature in Windows
or from the Microsoft Update website.