Other updates released Tuesday included one that quashed four bugs in the .Net development framework, which is bundled with every edition of Windows; another in Windows' kernel-mode driver that affected Vista, Windows 7, Windows 8 and Windows RT; and others that addressed vulnerabilities in System Center Operations Manager and the Open Data (OData) protocol.
Today's patches didn't end with Microsoft. Several other vendors also delivered updates. Adobe, for example, again patched Flash Player, the media software baked into Google's Chrome and Microsoft's IE10. And Mozilla pushed out Firefox 18, the newest edition of its every-six-weeks browser.
Among the torrent of patches, one not offered today was for the IE6, IE7 and IE8 zero-day bug that hackers have been exploiting since at least Dec. 7.
Neither Storms nor Miller thought Microsoft could wait until the next round of scheduled updates on Feb. 12, five weeks from today, to patch the IE bug -- not with reports of attacks coming from additional compromised websites, as well as claims by Exodus Intelligence that it's crafted exploits that sidestep both workarounds Microsoft has urged customers to use until a patch is provided.
"I wouldn't be surprised if they go 'out-of-band,'" said Storms, using the term for an emergency update. "They won't want to wait for five weeks, and there's enough pressure on them now to work on an out-of-band."
"They will go out of band on this," asserted Miller. "Windows XP users can't get to IE9, and there are a lot still running XP. I think they'll [have a patch] as soon as next week, and no later than two weeks."
IE9 and IE10 do not contain the bug, which according to Symantec, was used by the Elderwood group for cyber espionage. But because IE9 won't run on Windows XP, those customers are stuck with a vulnerable browser. Data from Web analytics company Net Applications puts XP's online usage share at 39% in December, meaning nearly four out of every 10 personal computer users runs the aged OS.
January's security updates can be downloaded and installed through the Microsoft Update and Windows Update services, as well as via WSUS (Windows Server Update Services), the de facto patching mechanism for businesses.