Because Microsoft patched only the one zero-day vulnerability, said Storms, it's probable that next month's Patch Tuesday will include a wider-ranging IE update. "We do need to remember that its very likely we will still have a regular IE update in February," Storms said. "So just as soon as we are done getting this bad boy distributed, there will be another update waiting."
One possible sticking point with today's emergency patch is that it is not a cumulative update, or one that includes all past IE patches, as is the norm for IE. Users must also apply last month's MS12-077 to be up-to-date, and according to Microsoft, to avoid problems down the road.
"Customers who have not installed the latest cumulative security update for Internet Explorer [MS12-077] may experience compatibility issues after installing the MS13-008 update," Monday's security bulletin stated.
Today's out-of-band update was the first since September, and only the fourth since September 2010.
Windows users can obtain MS13-008 via the Microsoft Update and Windows Update services, as well as through the enterprise-oriented WSUS (Windows Server Update Services).
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is firstname.lastname@example.org.
Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.