Experts sound worm alarm for critical Windows bug

13.03.2012

And even if they're not, there have been threats that wreaked havoc weeks or months after a Microsoft patch.

"I don't want to compare this to Conficker," said Miller, talking about the worm that infected millions of Windows PCs in late 2008 and early 2009. "But that did its worst 30 days, 60 days after the patch [of the exploited bug]."

Miller had a point: Although Conficker first appeared just after an October 2008 emergency, or "out-of-cycle," update, it only gained traction in January 2009, and peaked within three months after that.

Microsoft also released three other updates for Windows, and one each for Visual Studio and Expression Design, but the experts said they were small potatoes compared to MS12-020.

"It's all about RDP today," said Storms. "Either enable NLA or install the patch ... today."