IE Flaw Remains Unpatched

“The third installment of Microsoft’s monthly patch roundups came and went last week with three new security bulletins but without a fix for a well-known Internet Explorer vulnerability.
Microsoft is aware of a major problem in Internet Explorer that involves spoofed Web site addresses and provides the technical foundation for several so-called phishing scams. These scams involve an e-mail instructing a user to “re-enter” or otherwise divulge banking, credit card information or personal financial information. Some phishing scams in wide circulation use spoofed e-mail addresses that make it appear that users are being sent to sites of legitimate institutions such as Barclays or Citibank.

icrosoft continues to point users concerned about the problem to a Web page originally posted in December. That page is available here: http://support.microsoft.com/default.aspx?scid=kb;[ln];833786.”

A patch is available from Openwares.org for this vulnerability – I’ve tried it on a couple of my machines without any problems – but use at your own risk.