Fast exploits of flaws test Microsoft's patching policy

03.04.2006

Although unofficial patches can be useful in some cases, it's unlikely that many businesses -- especially larger ones -- will deploy them, said Andrew Jaquith, an analyst at Yankee Group Research Inc. in Boston. Most IT managers "would really rather wait" than run the risk of implementing an untested patch, he said.

Bill Cassada, enterprise network administrator at Healthways Inc., a health care services company in Nashville, said that work-arounds are often available to help users mitigate the risks of unpatched flaws. With the latest vulnerability, for instance, all that needs to be done to protect systems is to turn off the Active Scripting function in IE, Cassada said.

Quality concerns

Microsoft is looking at ways to provide speedier fixes for zero-day flaws, said Stephen Toulouse, security program manager at the company's Security Response Center. But, he added, "there are some huge challenges to that."

First and foremost is the issue of quality control, Toulouse said. Microsoft must ensure that its updates work properly and support a wide range of platforms. "We can't leave anybody behind," he said. "And unfortunately, [a patch] might be introducing new problems. So whenever we look at even a quick hack, it's got to be of quality."