Our investigation indicates that this issue will have limited impact because an effective attack requires a website to expose sensitive information in a specific way. Basically, an attacker would need to find a way to make a response look like a Cascading Style Sheet, and that response would need to contain sensitive information.

まぁ確かに…。で、直すのか直さないのかどっちだろう…。
IEBlog のほうはタイトルが "New XSS vulnerability in IE" になってるなぁ。