Microsoft released an emergency update to Internet Explorer today to stem a major security flaw in the software.

The IT giant said the move will help protect customers from "malicious attacks".

It emerged last week that a problem with the web browser allows criminals to hijack computers and steal passwords if the user visits an infected website.

As many as 10,000 sites have already been compromised to take advantage of the flaw, according to anti-virus software producer Trend Micro.

So far the websites, mostly based in China, have largely been used to obtain computer game passwords which can be sold on the black market.

A statement from Microsoft said: "Microsoft has released a security update for Internet Explorer that will help protect our customers from malicious attacks.

"Like a vaccine developed to fight a virus, this "security update" will protect your computer only if you install it. If you have turned on Automatic Updates, your computer will install the security update automatically."

The flaw has affected around two million Microsoft users according to John Curran, head of Microsoft's Windows commercial business group in the UK.

More than one billion people worldwide use the company's products.

It is believed criminals deliberately struck on December 9, the day that Microsoft released its latest monthly security update, Rik Ferguson, Trend Micro's senior security adviser in the UK, said.

The expert said this was a tactic to cause maximum confusion among computer users, who could wrongly believe they were protected.

Microsoft said so far it had only found attacks against version 7 of Windows Internet Explorer, the world's most popular web browser, but warned other versions were "potentially vulnerable".