MICROSOFT has issued a new security update for its Internet Explorer to close loopholes that could allow a hacker to install unwanted programs or deceive computer users with fake internet addresses.

The update was not related to the MyDoom internet worm, analysts said, but posed additional security woes for computer users at a time of the biggest epidemic of its kind to hit cyberspace.
Microsoft called the update "critical", the highest level of alert.

Jimmy Kuo of McAfee Anti-virus and Vulnerability Emergency Response Team said the security patch, which can be downloaded from Microsoft's website, addressed three vulnerabilities.

But the most significant, he said, was the security flaw that could allow a user to be directed to a fake website even when the address line, also known as a URL, appeared legitimate.

"So a user could see the address www.citibank.com, but could actually be somewhere else," Mr Kuo said. "This vulnerability has already been in use since December, and we've been in great anticipation for an update" to fix the flaw.

The flaw could be used in so-called "phishing" scams in which users are sent emails and asked to click on a link to update financial information or verify passwords.