It's not a total surprise that Microsoft gives major third-party vendors like SAP an early look at updates for just this reason, said Storms, although Microsoft hasn't actually publicized that practice.
"It's certain that a subset of vendors get the patches early, although they won't say who," noted Storms. "But they're much better off releasing early to vendors that have their own labs to test out."
December's security patches -- with the exception of MS11-088 -- can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.
The MS11-088 update, which affects only Chinese users of Word 2010 -- is currently available only through a manual download from Microsoft's download center. "The update will also be provided through our other standard distribution methods once testing has been completed to ensure distribution will be successful through these channels," Microsoft said in the accompanying write-up of the vulnerability.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is firstname.lastname@example.org.
Read more about security in Computerworld's Security Topic Center.