Jason Miller, of VMware's research and development team, warned that other browsers might be vulnerable to such attacks, too. For that reason and others, Miller expected hackers to eagerly dig into the Duqu fix.
"Microsoft dug deeper into the vulnerability, and discovered more attack vectors [than Word] because they are privy to the source code," Miller said, praising Microsoft's work. "But if I'm an attacker and I know Duqu was effective, I'd look into whether it could affect multiple browsers. That would give me an even bigger attack vector to use."
The other bulletin Microsoft put on its patch-now list was MS11-092, which fixes a single critical bug in Windows Media Player.
Storms and Kandek echoed Microsoft's stance.
"Windows Media Player's [vulnerability] is a drive-by," said Storms, referring to attacks that only require users to steer their browser to a site hosting malicious content to be successful.
But Miller disagreed. "The file extension [that contains the vulnerability] is not a common one," Miller said. "I'd expect it to be blocked at the firewall by most machines."
Instead, Miller championed MS11-099, a three-patch update for IE, as a must-do -- even though Microsoft rated it as important, a departure from the critical ranking browser updates usually receive. "Any IE vulnerability scares me because browsers are the most-used attack vector," said Miller.
But Storms and Kandek both downplayed the need to immediately apply the IE fixes.
"It's probably the only time that an IE update hasn't been rated critical," said Storms. "But there are no memory corruption vulnerabilities that can be exploited by remote code, so we're not looking at a critical release."
Two of the IE bugs were tagged as information disclosure flaws, while the third was yet another in a series of vulnerabilities grouped under the "DLL load hijacking" classification.
DLL load hijacking, sometimes referred to as "binary pre-loading," describes a category of bugs that can be exploited by tricking an application into loading a malicious file with the same name as a required dynamic link library, or DLL. Microsoft patched two DLL load hijacking bugs today -- the other was in PowerPoint 2007 and 2010 on Windows and PowerPoint 2008 on Mac -- making an even 20 load hijacking-related updates it has issued since November 2010.
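As an added illustration of this bug class (not part of the article), the following Python model walks the documented Windows DLL search order for an unqualified library load and shows when a same-named file in the directory a document was opened from would be picked over the legitimate copy; the host layout, directory paths and file names are constructed.

```python
"""Model of the Windows DLL search order used to illustrate DLL load hijacking
("binary pre-loading"). Constructed example; it models the documented order
for an unqualified LoadLibrary("name.dll") with no manifest or KnownDLL match."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Host:
    app_dir: str            # directory of the running executable
    system_dir: str         # e.g. System32
    windows_dir: str        # e.g. C:\Windows
    cwd: str                # current directory, i.e. where the document lives
    path_dirs: List[str]    # entries of %PATH%
    files: Dict[str, Set[str]]  # directory -> file names present (constructed)
    safe_dll_search_mode: bool = True


def search_order(h: Host) -> List[str]:
    """Directories probed in order. With SafeDllSearchMode on, the current
    directory is searched after the system directories; with it off, the
    current directory moves up to second place, right after the app dir."""
    order = [h.app_dir, h.system_dir, h.windows_dir]
    if h.safe_dll_search_mode:
        order.append(h.cwd)
    else:
        order.insert(1, h.cwd)
    return order + h.path_dirs


def resolve(h: Host, dll: str) -> Optional[str]:
    """Return the directory the DLL would be loaded from, or None if absent."""
    for d in search_order(h):
        if dll.lower() in {f.lower() for f in h.files.get(d, set())}:
            return d
    return None


def hijacked(h: Host, dll: str) -> bool:
    """Flag a load that resolves outside the trusted install locations."""
    where = resolve(h, dll)
    return where is not None and where not in {h.app_dir, h.system_dir, h.windows_dir}


def constructed_host(safe_dll_search_mode: bool) -> Host:
    """A viewer app opens a document from a network share that also holds
    two planted DLLs: one shadowing an installed system DLL, one with the
    name of an optional library the app probes for but never installed."""
    return Host(
        app_dir=r"C:\Program Files\Viewer", system_dir=r"C:\Windows\System32",
        windows_dir=r"C:\Windows", cwd=r"\\share\docs", path_dirs=[r"C:\Tools"],
        files={r"C:\Program Files\Viewer": {"viewer.exe"},
               r"C:\Windows\System32": {"helper.dll", "kernel32.dll"},
               r"\\share\docs": {"report.pptx", "helper.dll", "optional.dll"}},
        safe_dll_search_mode=safe_dll_search_mode)
```

The model shows why the "missing DLL" variant matters even on hardened hosts: a library the application probes for but does not ship falls through to the document's directory regardless of SafeDllSearchMode, whereas shadowing an installed system DLL only succeeds when safe search is disabled.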
Other bulletins caught the eye of some experts, but not all.
Kandek, for example, flagged MS11-089, a one-patch update for Word 2007 and 2010 on Windows, and Word 2011 on Mac.
"Office vulnerabilities are always important to patch, even if an exploit requires that the user open a file to trigger it," said Kandek. "It's very common for users to open Word documents," he said, citing several examples of targeted attacks, including a March hack of RSA Security and the Duqu attacks that began last spring, which succeeded by dangling malicious Word or Excel files in front of users.
The patch in MS11-089 was the first-ever by Microsoft for the .docx file format, an XML-based format that Microsoft debuted in Office 2007 in late 2006.
Microsoft also patched bugs in other software and Windows components, ranging from the Publisher program to Active Directory.
Not surprisingly, all three researchers commented on Microsoft pulling the BEAST-related patch at the last minute. Storms was the most positive about the move.
"If nothing else, this calls out the extensive testing that they do," said Storms. "They've been criticized for slow release cycles in the past, but they'll probably point to this in the future and say, 'Hey, look, this works.'"