Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet. The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software. It can enable hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked. Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail. The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video.