According to Microsoft, the MS04-040 update does not include all hotfixes or patches released since February's (MS04-004) or October's (MS04-038) Cumulative Updates for Internet Explorer. So, if you have received fixes via Microsoft or via their support providers, you should use Internet Explorer SP1 update rollup instead.

Like Ero mentioned earlier, MS04-040 fixes the Internet Explorer vulnerability that is exploited actively. This vulnerability was used, for example, by Bofra worm, so upgrading as soon as possible is highly recommended.