Microsoft Releases Early Cumulative IE Patch – Phishing Flaw Fixed

Microsoft has released a ‘critical’ cumulative security update for Internet Explorer – details and download links here - fixing a number of vulnerabilities, one of which is the infamous fake link ‘phishing’ flaw:

Microsoft broke its once-a-month schedule on Monday to fix a critical flaw in Internet Explorer that could allow malicious coders to take control of an unwary user’s PC. The most serious problem, known as a cross-domain security vulnerability, affects all versions of Internet Explorer running on Windows NT, 2000 and XP. A person with a vulnerable system who clicks on a link in an HTML e-mail or goes to a hostile Web site could allow an attacker to run code on their computer, Microsoft said in its advisory. The seriousness of the issue forced the company to release the latest fixes before its normally scheduled date, the second Tuesday of the month.. ..The update also fixes two other security flaws, including one that gained a lot of attention for its ability to make fake Web sites look real. Known as the phishing flaw, the problem allows scam artists to forge the address in the Internet Explorer browser’s address bar to display an address different from the actual site to which the user was being sent.

CNET News
Microsoft releases early IE fix

Microsoft
Microsoft Security Bulletin MS04-004
Cumulative Security Update for Internet Explorer (832894)