Re: What is the risk of this bug really?
"So what? IE8 is the default browser on a new install of Windows 7; thus its support ends with Win7."
And this new install of Windows 7 would instantly put up a wall of updates that it urges the user to install. In the case of Windows 7 (or Vista) that would already have a viable fix - upgrade to a later version of IE. You would have to be an extremely unfortunate person to ignore these warnings, use the default IE and happen upon a site which exploits you.
As I said, IE8 has low single digit % usage figures including Windows 7. This is not rich pickings for attackers. And I assume most people would have the sense to take heed of the warnings.
It is XP users who are affected since there is no update for IE8 and none forthcoming. My opinion is they've had ample warning of the end of life of XP (and associated products including IE) and there are numerous upgrade options. If people choose to stick with XP then at least they should use another browser.