Posted by: Dan O'Connor
Here is the notification now MS12-063.
It’s nice to see them get it out before the regular Tuesday patching cycle. I have not seen or heard of any first hand accounts of it being exploited but there is a metaspliot module now so it won’t be too long.
It’s not the severity of this or it’s use as a zero-day attack, to me what is surprising is that it goes all of the way back to IE 6. For something to be there that long and no one to know about it is amazing. It makes me think that some organization out there knew about this and was sitting on it in case they needed it for a project.