
Serious security problems threaten Microsoft’s clients, as the Redmond giant has released a patch that introduced a new critical security vulnerability in Internet Explorer.
The MS06-042 security update was issued by Microsoft to address other security issues discovered earlier. But soon after the release, another vulnerability was discovered, which was triggered by the installation of the patch itself.
The bug in the MS06-042 security update causes Internet Explorer 6 with Service Pack 1 to crash due to a buffer overrun if the user visits certain websites. However, Microsoft now admits that the flaw is exploitable and could allow an attacker to gain control of a computer if the user visits a website specially designed for that purpose.
The vulnerability was discovered by the security company eEye, which made a name for itself in recent months by discovering security flaws in the products of large security vendors such as Symantec and McAfee. eEye notified Microsoft of the vulnerability in MS06-042 and was told by Microsoft to stay quiet about it until Microsoft had its fix for the patch.
Despite Microsoft’s warning, eEye, in its own advisory on its website, accused Microsoft of originally misrepresenting the vulnerability:
“This information is already known in various research circles and also with exploit writers. So it is important that IT administrators understand the true threat of this problem that this is not simply a crashing bug as Microsoft has been incorrectly misrepresenting it but in fact that it is an exploitable security bug. Researchers and exploit developers know this, therefore it is extremely important that IT administrators are told what really is going on,” eEye stated.
In response, Microsoft got mad and publicly criticized eEye for disclosing that the MS06-042 update creates an exploitable flaw.
As of this moment, Microsoft still hasn’t released a new fix for the MS06-042 flaw because it found problems in a fix that was supposed to be released on Tuesday.






