MS reveals holes in Active Directory, mainframe gateway

15.10.2008

"It is not as simple as patching IE for XP or Vista as it impacts 2000, XP, Vista as well as Microsoft Windows Server 2003 and 2008," says Don Leatham, senior director of solutions and strategy at Lumension.

The final critical patch (MS08-057) involved three privately reported vulnerabilities affecting Excel. The hole would allow a hacker to gain control of a system if the user opened a specially crafted Excel file.

In all, the four critical patches involved 10 vulnerabilities that were privately reported to Microsoft, a number that some say shows that the company is working more closely, and harmoniously, with researchers looking for bugs.

"If the security researchers feel respected by the vendor, they are more likely to come to them and say this is what it is rather than going public because they have these antagonistic feelings. That is actually a good trend for Microsoft," says Wolfgang Kandek, CTO of Qualys.

But Kandek says he sees another trend that is not so good, especially around the Host Integration Server flaw and the possible vulnerability to mainframe systems it creates.