SafeHTML, which Microsoft calls "HTML sanitization," is a defense designed to protect users from cross-site scripting browser attacks.

Storms based his opinion about MS12-066 on Microsoft's admission that it had been targeted by attacks exploiting the vulnerability.

"We have seen limited, targeted attacks attempting to leverage this vulnerability against Microsoft online services," said Microsoft in a note on its . The company did not elaborate on what online services had been attacked.

"So there are already attacks in the wild, and Microsoft itself has seen limited attacks," said Storms.

He and Miller also noted , a 13-bug update for FAST Search Server 2010, a component of the popular SharePoint Server 2010 software.