The IE update was just one of four rated "critical" by Microsoft. The remaining three critical updates were all aimed at Windows, including one that applied to the newest Windows 8, Windows RT, Windows 8.1 and Windows RT 8.1, according to Microsoft's advanced notification distributed today.
Experts recommended that customers install the Windows updates as soon as possible after their release. "Bulletins 2 and 3 are through the stack and might end up rating more attention than the IE update," warned Storms.
Microsoft said Bulletin 3 did not affect Windows 8.1 or Windows RT 8.1, but that Bulletin 2 did.
The other four updates will patch vulnerabilities in Excel, other pieces of Office, the SharePoint collaboration server software and Silverlight, a media format Microsoft seems to have discarded or at least isn't interested in developing further.
Because the Office-related vulnerabilities were ranked as "important" even though Microsoft said hackers could exploit them to plant malware on customers' PCs, Storms said it was probable that any attack code required considerable user interaction to work, such as downloading files, opening shared folders or clicking through multiple warnings.
"Being exploited via a drive-by is not going to happen," said Storms, referring to the most dangerous attacks, which only require a user to visit a malicious website to trigger exploits.
Microsoft will release next week's security updates on Oct. 8 around 1 p.m. ET.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is email@example.com.
Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.