At the time, however, Microsoft said it would not issue security advisories for third-party software.

Today's advisories were part of a larger announcement by Microsoft that made public details of its bug policy, which it dubbed "coordinated vulnerability disclosure," or CVD, almost nine months ago.

Last July, Microsoft said it would used to describe the back-and-forth between bug finders and vendors, and instead use the new moniker CVD. At the time, Microsoft admitted the move was primarily a name change designed to eliminate what it said was the "emotional" context of the older term.

Microsoft published the policy today -- something it had not done last year -- and asked that others in the security community "embrace the purpose of this shift, which is ultimately about minimizing customer risk, not amplifying it."

Today's advisories are a demonstration of that policy in action, said Reavey, who also acknowledged that future advisories will address complaints that critics had aired about CVD.