Our advice for Windows users is as follows:
• Update your AV and IPS software with the latest signatures
• Run Internet Explorer with limited privileges
• Enable DEP protection for browsers
• Avoid following links to untrusted sites
iDefense provides a nice timeline and details about the value of a zero-day: only $15,000…
According to knownsec, earlier this year a rumor emerged in the Chinese underground about an IE7 vulnerability, and in October it began to be traded privately. In November it got into the underground black market and was traded for about $15K. Later in December, it emerged and people sold the exploit second- or third-hand for about $650. Finally, someone purchased those second-hand exploits to develop and deploy a Chinese gaming Trojan.
On top of this issue, there are also reports about a Wordpad issue that is being investigated by Microsoft. All in all, I wouldn’t be too surprised if one or more emergency patches are released before the end of the year.