MS04-040: Cumulative Security Update for Internet Explorer (889293)   01 Dec 2004 00:00 GMT
This update resolves a newly-discovered publicly reported vulnerability. A vulnerability exists in Internet Explorer that could allow remote code execution on an affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Source: TechNet

MS04-039: Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258)   09 Nov 2004 00:00 GMT
This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. This vulnerability could enable an attacker to spoof trusted Internet content.
Source: TechNet