"This must have really scared Microsoft," said Schultze said, speculating on why Microsoft might have issued the out-of-cycle patches.

It may also reflect an awkward public relations problem for Microsoft, which has been working more closely with security researchers in recent years. If Microsoft had asked the researchers to hold off on their talk until the company's next set of regularly scheduled patches -- due August 11 -- the company might have faced backlash for having suppressed the Black Hat research.

Microsoft itself has provided few details on the emergency patches, which are set to be released on Tuesday at 10:00 a.m. West coast time.

Late last Friday, the company it planned to release a critical fix for Internet Explorer as well as a related Visual Studio patch rated "moderate."

However, the problem that lets the researchers bypass the kill-bit mechanism may lie in a widely used Windows component called the Active Template Library (ATL). to security researcher Halvar Flake, this flaw is also to blame for an ActiveX bug that Microsoft identified earlier this month. Microsoft issued a for the problem on July 14, but after looking into the bug, Flake determined that the patch didn't fix the underlying vulnerability.