With seven bulletins in April, Microsoft's total bulletins for 2012 rises to 35, compared to the 36 issued by the same point last year. Interestingly, Microsoft's release schedule has been far more consistent than in years past. From January through May 2012, the total number of Patch Tuesday bulletins issued in a single month has dipped as low as six and risen only as high as nine. In the same period last year, those totals ranged from two in both January and May to 12 in February and 17 in April.

This trend shows a sign of stability in Microsoft research and makes the jobs of systems administrators much easier, Kandek says.

"I'm not sure how they do this internally in terms of planning, but it seems to me going to a more steady stream is a sign of maturity, and from my systems administration perspective I prefer that than every two months getting something bigger," Kandek says. "I personally prefer a steady stream coming out. I can deal with that better, rather than things where suddenly my capacity is stretched more."

Andrew Storms, director of security operations for nCircle, also took note of Microsoft's continued move away from the "feast and famine" approach of last year. However, the number of bulletins is less relevant than the number of common vulnerabilities and exposures (CVEs), Storms says, and the security community should put more focus on Microsoft's increase in that area this year.

"Bulletin numbers don't tell the whole patch story," Storms says. "CVEs correspond to the number of bugs fixed, and this year Microsoft is on a CVE streak. With the 23 CVEs in May's patch, Microsoft's CVE count has already reached 70 for 2012. This time last year Microsoft issued just 59 CVEs."