A day after releasing an out-of-band security bulletin for a vulnerability in Internet Explorer notably exploited in the recent series of Chinese-based attacks against Google and 30 other tech companies, new flaws have been discovered in Microsoft's browser.

Boston-based research firm Core Security Technologies has outlined a set of vulnerabilities in Internet Explorer that hackers can link together to remotely exploit a Windows PC. None of the vulnerabilities are serious enough to compromise a machine alone, but a hacker could take control of a PC by exploiting all of them at once. "There are three or four ways to conduct this type of attack," Jorge Luis Alvarez Medina, a security consultant with Core, told Reuters, though he admitted he was uncertain whether any hackers had already exploited his findings.

"Microsoft is investigating a responsibly disclosed vulnerability in Internet Explorer," a Microsoft spokesperson told Ars. "We're currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe customers are at reduced risk due to responsible disclosure."

After the investigation, Microsoft will either provide a security update on Patch Tuesday, or an out-of-cycle update like it did with the last IE flaw (less likely in this case). The Microsoft spokesperson took the opportunity to make the now-familiar recommendations that IE users upgrade to Internet Explorer 8 and to enable Automatic Updates.

Medina plans to demonstrate the IE vulnerabilities at the Black Hat security conference in Washington, which begins February 2, but until then he will work with Microsoft to find a way to mitigate the risk. Still, he believes that other related vulnerabilities will crop up even after fixes are found to the ones he unearthed.