Microsoft to patch 20 bugs next week in month of Office updates

04.10.2012

Wolfgang Kandek, CTO of Qualys, also focused his attention on the Word update, but put a different spin on it than Carey. "[A critical rating] is not very common for Office vulnerabilities and typically indicates that no user interaction, such as opening an affected file, is required to trigger the vulnerability," Kandek said.

The six important updates will address one or more vulnerabilities in Windows, SharePoint Server, FAST Search Server, Groove Server, Office Web Apps, Microsoft Communicator, Microsoft Lync and SQL Server, versions 2000 and later, including , which shipped six months ago.

Most of them can be postponed, the experts said today, at least according to the information available in the bare-bones advance notice.

"Bulletin 7 [the SQL Server update] will depend on the attack vector Microsoft reveals next week," said Storms. "If it's an elevation of privilege bug that's difficult [for hackers] to get to, you'll be better off waiting."

Storms based that advice on the calendar: Many enterprises lock down their networks, servers especially, in October and early November to ensure they're running during the crucial holiday season. During a lockdown period, IT administrators pass on all patching, just in case a fix causes problems. SQL Server is often a mission-critical part of a company's back-end infrastructure, powering databases that manage online sales stores.