Although the company said it would patch the problem, it is not planning to rush out an emergency update.
That exploit used a technique revealed earlier this year by McAfee researchers that defeats a pair of important Windows defensive technologies -- ASLR (address space layout randomization) and DEP (data execution prevention) -- designed to stymie most attacks.
Users running IE7 or IE8 on Windows Vista and Windows 7
are less likely to be affected by a successful attack, Microsoft claimed, because those browsers
include a feature called "Protected Mode" that prompts users before letting them install, run or modify certain operating system components.
Other browsers, including Firefox, Chrome, Safari and Opera, are not affected by the flaw.
The next regularly scheduled Patch Tuesday is Jan. 11, but because Microsoft usually updates the browser every other month, and just did so last week, it's possible the vulnerability won't be addressed until February.