The flaw was in the Microsoft Security Response Center s (MSRC) queue to be fixed in the the next batch of patches due in February but the targeted zero-day attacks against U.S. companies forced the company to release an emergency, out-of-band IE update. The vulnerability used in the attacks (CVE-2010-0249) was privately reported to Microsoft last August by Meron Sellen, a white-hat hacker at BugSec, an Israeli security research company.
Source: https://threatpost.com/microsoft-knew-ie-zero-day-flaw-september-012110/73412/