"MS11-057 affects all Windows versions, and all it takes is a malicious [Web] page to take control of a PC," echoed Wolfgang Kandek, chief technology officer for Qualys. "It's a no-brainer to put this at the top of the list."

Other security experts from Symantec and Kaspersky Lab also highlighted the IE update as the one users should deploy first.

"Both of [the critical vulnerabilities] can be exploited by a drive-by download," said Joshua Talbot, security intelligence manager with Symantec's security response team, in an email. "The fact that vulnerabilities such as these continue to be so common is one reason why web-based attacks are so prevalent."

Drive-by download attacks are those that can be triggered simply by steering a vulnerable browser to a malicious website. Users are typically duped into visiting such sites by search poisoning efforts or links embedded in spammed email messages.

Most experts, including those on Microsoft's payroll, called out as the second update to apply as soon as possible.