Duqu Virus Could Unleash Cyber Meltdown, Linked to Microsoft Bug
Hackers may have exploited an unknown bug in Microsoft's Windows operating system to infect computers with the Duqu virus.
"We are working diligently to address this issue and will release a security update for customers," Microsoft said on Tuesday in a short statement.
Many analysts believe the Duqu virus could become the next big cyber threat. Duqu was first discovered by security firm Symantec Corp in October. The virus had the same malicious software as Stuxnet, the virus that brought Iran's nuclear program to its knees. Analysts suggest that hackers will use Duqu to attack critical infrastructure such as power plants and oil refineries. The main difference between the two is that Stuxnet targets industrial control systems, while Duqu appears to be an information retrieval tool.
Symantec researchers say that Duqu spreads when victims open a Microsoft Word document that has been infected with the virus. A hacker can then take control of the infected PC and hunt for data in the organization's network.
The Duqu rootkit can run on the infected PC for 36 days. During that time the virus collects information typed on the keyboard, including passwords or IM conversations. After the "surveillance" period ends, the rootkit gracefully removes itself from the system, along with the keylogger component.
Symantec said Word file infection is "just one of potentially multiple installer methods that may have been used by attackers to infect computers in different organisations".
Microsoft researchers are working with partners to protect Windows users against the Duqu virus. According to a company statement, a security update will be released soon. Users can protect themselves by following standard safe practices such as not opening suspicious files attached to emails.