Hackers are actively exploiting a critical vulnerability in Microsoft's Windows operating system that allows them to remotely execute malicious code when victims visit a booby-trapped website.

"These attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents," Andrew Lyons, a Google security engineer, wrote in a blog post published Tuesday. "Users running Windows XP up to and including Windows 7 are known to be vulnerable."