More Internet Explorer (IE) problems and promised fixes are in the news. Yet another spoofing hole has been discovered in IE, this time one that allows an attacker to mask the true file extension of malicious downloads. Microsoft says it is investigating the problem, but is making no commitments on when it will issue a patch. At the same time, Microsoft is planning an IE and Windows Explorer update that will disable the use of a certain syntax in HTTP URLs. Microsoft also is declining to say when it will release this update. Perhaps Redmond will make these two additional patches available when it finally fixes an IE spoofing hole discovered in December. But perhaps not.