According to CNET News.com, Microsoft is soon to release a patch for IE to fix the problem caused by the URL spoofing vulnerability. Their
solution, however, is not to fix the display bug, but instead is to disable URLs that contain usernames and passwords. Ingenious! Maybe they should fix their other security bugs by disabling the ability to view HTML pages.
Of course it is possible that CNET News has got the wrong end of the stick, but knowing Microsoft, anything is possible.