Both Greenbaum and Moore agreed that what sets the bug apart is the timing.

"The most interesting thing is that it seems to have been first exploited on Patch Tuesday," Greenbaum said. "If that's the case, then it's a safe bet that they timed it so that at the least they'd have a month before a patch is released."

"There are usually a couple of these floating around," noted Moore in an e-mail today. "I think the media focus is related to the Microsoft Tuesday timing more than anything else." During his research, Moore uncovered two Chinese servers that were serving malicious code, and noted that the exploits had been last modified Sunday and yesterday.

Symantec recommended that users enable DEP (data execution prevention) in IE and disable JavaScript. The former can be done by calling up Internet Options from IE's Tools' menu, clicking the Advanced tab, then checking the box marked, "Enable memory protection to help mitigate online attacks."

Microsoft didn't promise a patch, but said it might produce one. "Once we're done investigating, we will take appropriate action to help protect customers," said the company's spokesman. "This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves."