Microsoft gives users a patch break, and time to prep for certificate slaying

06.09.2012

That's certainly possible, said Storms. "They could have made an administrative decision to delay other updates to give enterprises time [to work on their certificates]," he said.

Microsoft used that same tactic in March 2007, said Storms, when it issued no security bulletins because it wanted to give customers time to apply a Daylight Saving Time update to Windows that had been prompted by widespread changes in the U.S.

Next week's slate will be smaller than in past Septembers, Storms noted: In 2011, Microsoft shipped five updates that month, while in 2010 and 2009, the company issued 10 and five, respectively.

The October update to kill certificates with shorter -- and thus more vulnerable -- RSA keys (those under 1024 bits) was triggered by the discovery of Flame, the sophisticated espionage tool discovered by Kaspersky Lab. Flame infiltrated networks, scouted out the digital landscape, and used a variety of modules to pilfer information. Among its tricks was one called the "Holy Grail" by researchers: It managed to impersonate Windows Update, Microsoft's update service, to infect fully-patched Windows PCs.

Microsoft reacted by revoking the certificates Flame had abused and beefing up Windows Update's security.
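The "prep" the headline refers to is finding, before the October update lands, every certificate in use whose RSA key is shorter than 1024 bits, since those will stop chaining once the update is installed. The script below is an added example, not code from the article or from Microsoft: it walks the Windows certificate stores of the current user and the local machine and lists any RSA certificate under the 1024-bit threshold. It only covers certificates already imported into Windows stores; certificates that live in files (PFX, CER) or inside applications such as Java keystores have to be checked separately.

```powershell
# Added example (not from the article): flag certificates in the Windows
# certificate stores whose RSA public key is shorter than 1024 bits.
# Runs on Windows PowerShell 2.0 or later; no modules required.
$threshold = 1024   # the key length below which the October update blocks certificates

$weak = Get-ChildItem -Path Cert:\ -Recurse |
    Where-Object { -not $_.PSIsContainer } |     # skip store containers, keep certificates
    ForEach-Object {
        $cert = $_
        # Only RSA keys are affected; ECC and other key types are left alone.
        if ($cert.PublicKey.Oid.FriendlyName -eq 'RSA') {
            try   { $bits = $cert.PublicKey.Key.KeySize }   # RSACryptoServiceProvider.KeySize
            catch { $bits = $null }                          # unreadable or unsupported key blob
            if ($bits -ne $null -and $bits -lt $threshold) {
                New-Object PSObject -Property @{
                    Store      = ($cert.PSParentPath -replace '^.*::', '')
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    KeyBits    = $bits
                    NotAfter   = $cert.NotAfter
                    Thumbprint = $cert.Thumbprint
                }
            }
        }
    }

if ($weak) {
    $weak | Sort-Object Store, Subject |
        Format-Table Store, Subject, Issuer, KeyBits, NotAfter, Thumbprint -AutoSize
} else {
    Write-Host "No RSA certificates shorter than $threshold bits found in the Windows certificate stores."
}
```

Run it in an elevated PowerShell session so the LocalMachine stores are readable, and review the Issuer column carefully: a weak key on an intermediate or root CA breaks every certificate issued beneath it, not just the one listed.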