Security experts applauded Microsoft for the move last month.

"It looks like IE will be the story every month now," said Storms, who noted there seems to be no shortage of IE vulnerabilities. "I don't think they're proving a point, that they're patching just because they said they can every month, but because they have to."

The IE update was rated critical for all client editions of Windows and all versions of the browser, from the 11-year-old IE6 to the current IE9. According to Paul Henry, a security and forensic analyst at Lumension, the IE update will patch four separate vulnerabilities.

Updates singled out by other researchers include those pegged "Bulletin 4" and "Bulletin 2" by Microsoft.

Lumension's Henry cited Bulletin 4 -- the one that will patch SQL Server -- as his most important, with Bulletin 2 not far behind.