Microsoft leaving two vulnerabilties in Internet Explorer 8 unpatched
The second bug was only discovered yesterday, so perhaps Microsoft simply hasn't had a chance to work out a fix yet -- but the first flaw has already been exploited, and seen in the wild! Microsoft even admits it has seen targeted attacks, yet no fix is forthcoming.
The Google security researcher, incidentally, is concerned that third parties in China might also know about his recently-discovered vulnerability. In a beautiful twist of irony, one of his fellow researchers uploaded some data that revealed the exploit -- and moments later, the GoogleBot indexed the data, allowing two IP addresses in China to simply search for it.