Writing in his Countermeasures security blog, Ferguson says he reached this conclusion after observing a Twitter message on Friday afternoon, and the fact that a posting has also been made to the Full Disclosure mailing list about the issue.
According to the Trend Micro security consultant, "the [Twitter] message itself was relatively low key, but pointed to something possibly more worrying."
"Enough to make me do some digging anyway", he said, adding that the Friday afternoon tweet from Microsoft said: "We're aware of a publicly disclosed issue involving Internet Explorer. We'll continue to investigate over the weekend."
"Hmmm, publicly disclosed where and by whom? What kind of issue and what kind of effect", said Ferguson, adding that the problem is an evolution of a vulnerability that was first made public by Google's Chris Evans back in December of last year in a post on his Scary Beast security blog.
In his posting to the Full Disclosure mailing list, Evans says that "a nasty vulnerability exists in the latest Internet Explorer 8" and that he has "been unsuccessful in persuading the vendor to issue a fix."
Ferguson points out that Evans claims that the bug permits an arbitrary website to force the victim to make tweets, for example.
What's interesting about the comments, Infosecurity notes, is that Evans claims that there is evidence that Microsoft may have been aware of this bug since 2008 and that the same defect 'probably' affects earlier versions of Internet Explorer.
According to Ferguson, the exploit acts by stealing the (supposedly secret) credentials for an already authenticated browser session, in his Twitter example.
"Those credentials are then abused to send arbitrary forged content", he said, adding that that Chrome, Firefox, Opera and Safari have all already fixed this vulnerability.
"Let's hope Microsoft had a good long investigate over the weekend then. With the ever increasing popularity of URL shortening services, vulnerabilities like this are all too easy to exploit", he noted.