Facebook has begun warning members logging in to its social network site using Internet Explorer to update to the latest version of the web browser. Severe flaws in Internet Explorer 6 mean the Microsoft web browser and those who use it leave themselves and their PC open to exploit.
So serious is the nature of the flaw found in IE6 that Microsoft is to issue an emergency patch later today to fix it. This afternoon, Microsoft UK issued an announcement to the effect that this emergency Internet Explorer patch will be available for download from around 6pm UK time.
The statement explains that "MS10-002 [is] a security update to address the limited attacks against customers of Internet Explorer 6, as well as fixes for vulnerabilities rated critical that are not currently under active attack. This update addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities."
On Monday, France and Germany went public with their concerns about the seriousness of the threat and urged citizens to consider using a different browser entirely, suggesting Mozilla Firefox and Google Chrome as credible, safe alternatives.
Earlier this week Microsoft confirmed widespread rumours that it would need to issue an "out of band" update. Until today, however, we weren't sure when to expect this update. In the meantime, sites such as Facebook are cautioning web users not to continue using Internet Explorer 6 and to upgrade for a newer, safer version of the browser.
When logging in to a Facebook account, IE6 users currently get a message informing them that "You're using an old version of Internet Explorer right now. Facebook will work better for you if you upgrade or switch to another browser." It offers links to rival browsers Safari, Google Chrome and Firefox.
However, as long as users update their browser settings and apply the patch being issued today, all will be well, assures Microsoft.
"Once applied, customers are protected against the known attacks that have been widely publicised. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released."
Details of the nature of the security risk are detailed in the Microsoft Security Bulletin.
Ongoing developments relating to this "out of band" update will be posted on the Microsoft Technet blog.