Microsoft is working to patch the vulnerability through a software update
Investigators say they are closing in on the source of the cyber attacks that hit a number of US companies, including Google, according to reports.
The Financial Times suggests that US officials have tracked the author of the code used to attack the company.
The paper says the alleged hacker is a Chinese "freelance security consultant in his 30s" who had published extracts of the attack code on the web.
The attacks led Google to announce that it may pull out of China entirely.
The attacks allegedly hit more than 30 companies. Google said they had targeted the e-mail accounts of Chinese human rights activists.
The hackers had used a security hole in Microsoft's Internet Explorer web browser to launch the attacks. The hole has since been patched.
The FT says that the alleged hacker posted pieces of the program to a hacker's forum and that Chinese officials had "special access" to the code.
"If he wants to do the research he's good at, he has to toe the line now and again," the paper quoted a single, unnamed government researcher as saying.
The news comes after reports linked two Chinese schools to the attacks.
Reports suggested that the source of the strikes had been traced to Shanghai Jiaotong University and the Lanxiang School, a large vocational training centre in Jinan.
Both schools deny any involvement.