Outside of the Word malware, which began circulating last month, Microsoft has not yet seen any of these exploits used by attackers, Toulouse said.

The availability of exploit code once again shows that there is no longer any "patching window" for companies, said Johannes Ullrich, chief research officer at the Internet Storm Center.

"Companies don't have the luxury of sitting back and waiting," Ullrich said. "They have to expect that public exploits will become available the day after vulnerabilities are disclosed, and they have to expedite the patching process," despite the challenges involved, he said.

Robert McMillan of the IDG News service contributed to this report.