Microsoft releases critical security patch

Microsoft has released MS04-004, a cumulative security update for Internet Explorer that addresses a long-awaited patch resolving the URL obfuscation vulnerability first discovered in December 2003. The vulnerability allowed specially crafted links to send the user to one site, while displaying the address of another. The vulnerability was widely exploited in email phishing schemes, which tried to trick users into clicking the malformed link and enter their financial account information on the forged site. Emails purporting to be from Citibank and the FDIC were among those used to defraud recipients.
MS04-004 patch info | Citibank phishing scam | FDIC phishing scam