The other bulletin addresses a spoofing vulnerability. According to Microsoft, a successful exploitation of the flaw would allow an attacker to change the address bar in Internet Explorer so the user would be unaware of the fact that he was visiting a phishing website.
This second bulletin is rated “important” and is only needed by those who run Windows Server 2003.
The two bulletins will become available next Tuesday, on November 13. Microsoft will host a webcast to address customer questions on these bulletins on November 14, 2007, at 11:00 AM Pacific Time (US & Canada)