Some wondered whether the Flash patching gaffe was just a one-off. "Hopefully this is a one time problem," said someone labeled on a Microsoft support thread two weeks ago.

It's unknown how Microsoft will handle updates for Flash after Windows 8 ships next month: The company has said nothing other than it will deliver Flash changes through its own Windows Update service.

In July, however, Microsoft announced it now had the capability to , a break with a years-long tradition of patching the browser only in even-numbered months. The change may be a clue that Microsoft expects to update Flash in IE10 on Windows 8 frequently.

But even a monthly timetable could leave Windows 8 users vulnerable to Flash exploits for weeks unless Adobe or Microsoft, or both, change their update practices.

Microsoft has a monthly patching schedule, called Patch Tuesday, and has rarely gone outside that to issue emergency, or "out-of-band" updates. In the last two years, for instance, it has shipped just one out-of-band patch. Meanwhile, Adobe does not adhere to any set patching schedule for Flash Player.