As Microsoft’s December patch rolls by , nicely bedecked with updates for security flaws that have plagued computers for the past few weeks, the astute observer might note the conspicious absence of a patch for a new flaw in the way Internet Explorer 7 parses XML that can lead to total compromise of affected systems.
Non-chinese-reading readers are advised to use the google-translated version we’ve provided a link to here.
The exploit is used to download and execute a known Trojan, so most AV users are relatively safe for the moment. However, the minute the payload is changed, the picture will become completely different. Remains to be seen if Microsoft will issue an out-of-cycle patch or wait for the usual month before acknowledging and fixing the issue.