I always wonder how...
...these exploits work - articles like this rarely say and I'm damn sure not gonna go look for myself.
You say windows vulns, but do they only work when browsing with IE, or are all browsers at risk, and if so, where does the way in lie? With a bit of javascript, or a file download that relies on the user clicking 'Run'? Does something like NoScript or UAC protect or are we all screwed either way?