While the exploitability index and guidance from Microsoft are helpful, it is up to IT admins to assess the vulnerabilities and the risk posed by each to their unique environment and prioritize the patches accordingly. Jason Miller, manager of research and development at Vmware--which , says, "With such a large number of bulletins and affected products this month, it is important to review each bulletin thoroughly and plan your patch attack this month. Every machine, whether server or workstation, will be affected this month."

It is worth noting once again that newer operating systems and applications are at . If organizations are weighing the decision to upgrade operating systems, Web browsers, or productivity suites, they should certainly factor in the increased cost of the time and effort required to support and protect legacy software. Lumension's Henry stresses, "It is absolutely imperative that people download a newer version of IE in order to take advantage of the more secure codebase."