To get the skinny on the new 2MB patch on the flaws of IE, you should read this.
The first flaw occurs when the browser sends information within a link to another browser. Known as cross-site scripting, the technique can be abused by an attacker to get the other site to run a program specified by a malicious user. The flaw outlined by Microsoft on Wednesday would require that the attacker either host a Web page with the malicious link or send an HTML command via e-mail.
The two critical flaws that could compromise user information occur because of the way IE handles popular site templates, known as cascading style sheets, and the way it processes cookies. Both require the exact names of files on the target system to work, reducing the risk somewhat. [PAGEBREAK] Read more about the bugs at News.com