Clues, experts say Microsoft knew of IE zero-day for weeks before patching

23.09.2012

Security experts brought up other concerns, too, namely that hackers may be "reverse engineering" HP's Digital Vaccine IPS signatures to find flaws in Microsoft's code, information that they then use to craft their zero-day exploits.

Robert Graham of Errata Security theorized that this could explain the connection between ZDI's report and the use of the CVE-2012-4969 vulnerability by hackers before it was patched.

"Many IPS vendors include [zero]-day protection, 'virtually patching' vulnerabilities in the IPS before the real patch is announced," said Graham. "That means hackers can simply reverse-engineer an IPS in order to get a constant feed of [zero-]days from the signature updates."

Romang, however, went further. Like Graham, he said reverse-engineering may explain the link between ZDI and the zero-day. But he also wondered whether ZDI had leaked, purposefully or accidentally, the technical details of the CVE-2012-4969 bug.

Last month, a Java vulnerability was exploited by the gang that controlled the server Romang had uncovered Sept. 15. Like the IE bug, the Java flaw was a zero-day -- there was no immediate patch. And like the IE vulnerability, the one in Java had been reported by ZDI.