The bug affects anyone using Windows Explorer on a PC in America.
Even worse, The Department of Homeland Security’s Computer Readiness Team warns "we are currently unaware of a practical solution to this problem."
The flaw allows hackers to take over a computer and run any software they like.
USA Today says the recommendation for now is to change browsers "until an official update is available."
It’s also reported the hackers can be stopped if users disable Flash on their machines.
The New York Times reports anyone using newer operating systems will get a patch closing the security hole soon.
But 25% of the PC’s in the US still run Windows XP, an OS the company discontinued servicing last week.
Mashable’s Lance Ulanoff writes if Microsoft could take a hit if they don’t assist XP users one final time.
“Windows XP users could be so disenfranchised that they simply switch to Macs and Microsoft ends up losing far more than it can gain by finally getting everyone off Windows XP."
One of the largest internet security firms Symantec, is reaching out to XP users and offering help.