Microsoft knew about ‘new’ Internet Explorer zero-day for 7 months but won’t patch

HP’s Zero Day Initiative (ZDI) publicly disclosed a zero-day flaw in Internet Explorer 8 after 180 days passed and Microsoft chose not to issue a patch. According to the ZDI advisory, the “use after free” flaw could be exploited if an attacker tricked a victim into visiting a tainted website, such as by clicking a link in an email or instant message, or by opening an emailed attachment.
Ms. Smith’s blog