Reavey stressed that Microsoft "has not seen widespread customer impact, rather only targeted and limited attacks exploiting (Internet Explorer 6)."
Changing browser security settings to "high" would protect users from the vulnerability, he said.
Microsoft chief executive Steve Ballmer said meanwhile that the US software giant takes cyberattacks "seriously" but has no plans to pull out of China.
"We've been quite clear that we're going to operate in China," Ballmer told CNBC television. "We're going to abide by the law.
"We need to take all cyberattacks seriously, not just this one," he said.
McAfee's Alperovitch said the attacks on Google and other companies, which he was not allowed to identify, were unusual in their sophistication.
"We have seen attacks like this before but only in the government space, in the defense-industrial space," Alperovitch said.
"We have never seen that level of sophistication, level of planning and reconnaissance and attention to detail in