Security experts also picked out the ZDI attribution, and speculated on what that meant.

"[The early warning] helped Microsoft get the patch out so quickly," said Wolfgang Kandek, CTO of Qualys, in an instant message conversation Friday. Researchers had praised Microsoft for turning out a patch in less than a week. But Kandek doubted Microsoft had much warning, citing the CVE identifier's assignment date.

ZDI's listing of -- those for bugs it has reported to vendors -- included 10 for Microsoft with "Anonymous" as the researcher.

The most recent match was reported to Microsoft on July 24, 2012, said ZDI, while the oldest was submitted May 25, 2011. Others between those two dates were logged on July 16 and March 14 of this year, and on Nov. 29, 2011.

If the newest was the one reporting CVE-2012-4969, Microsoft knew of the IE zero-day for more than seven weeks before Eric Romang, the researcher who announced finding an exploit on a hacker-controlled server, disclosed his discovery Sept. 15.