The update that will patch all possible attack avenues, would be released as ealy as 10:am, Thursday.
Researchers claim that it is possible to bypass the DEP ( Data Execution Prevention ), as well exploit both IE 7 and IE 8. Microsoft hasn't confirmed or denied any of these claims
Microsoft did admit that the IE vulnerability could be exploited by including an ActiveX control in a Microsoft Access, Word, Excel, or PowerPoint file
Internet Explorer's vulnerability is about to patched on Thursday