Microsoft learned of the flaw a week ago when a customer sent an e-mail to the company's security contact point,, said Iain Mulholland, security program manager for Microsoft's security response team. Mulholland would not confirm whether the U.S. Army, or another branch of the military, was the customer in question.