A good update at Threatpost:

Their new exploit beat a fully patched Windows system running IE 8, the same version of the browser exploited by malware used in watering hole attacks against a number of political and manufacturing websites, including the Council on Foreign Relations in the U.S., and Chinese human rights site Uygur Haber Ajanski.

More motivation to move to updated browsers, as difficult as that often is. I’m really hoping IE 10 can break this cycle a bit (and I bet Microsoft is as well). Still, IE 8 is only a bit over 3 years old, which isn’t all that ancient compared to XP.

If you are stuck on old browsers, and have the capability, take a serious look at EMET. Kills most of these attacks cold.