Qualys' Sarwarte and Kandek, meanwhile, staked out MS08-070 as the second-most-interesting update among today's eight. "This is a far-reaching vulnerability," said Kandek, who noted that while end users won't be installing this update for Visual Basic, it can potentially affect anyone who browses the Internet with IE.

"Microsoft's telling developers that they need to update their development system and the Visual Basic runtimes, then notify users of the ActiveX controls that they've created," said Kandek, talking about the technology that provides IE with add-on functionality. "And again, all [hackers] have to do is just come up with a malicious Web site with vulnerable ActiveX controls."

The Visual Basic update patches a total of six bugs, all ranked critical.

Other bulletins include updates that patch Microsoft Word's file format (MS08-072, with a total of eight vulnerabilities), Microsoft Excel's file format (MS08-074, three vulnerabilities), Windows Media (MS08-076, two vulnerabilities), SharePoint (MS08-077, with one bug) and Windows Search (MS08-075, which deals with two vulnerabilities).

Some caught the eye of researchers. "The reason why I'm expecting questions about whether SDL is working is because of MS08-076," said Storms, referring to the two-patch update for Windows Media. "Both those bugs are very similar to what we've seen before in other Microsoft products."

Eric Schultze, the chief technology officer of Shavlik Technologies, agreed. "This is closely related to a security patch from last month -- MS08-068," said Schultze in an e-mail today. That bug, which Microsoft fixed in November, was in how the Server Message Block (SMB) protocol handled credentials when a user connected to an attacker's SMB server. At the time, Schultze and others claimed that the bug went back at least seven years.

"It's similar to the MS08-068 attack, but uses different communication mechanisms to logon to the computers," Schultze added. "Microsoft says that Windows Media Player doesn't play by the same rules as the operating system, and that's why this issue wasn't fixed in November. I'd get this one patched right away.

Storms, however, pointed to MS08-075, which patches Windows Search, the integrated desktop search function, in Windows Vista and Windows Server 2008. He found the update interesting, not so much because it only affects Microsoft's newest operating system, but because one of its two patches fixed a flaw in yet another protocol, this time "search-ms."

"There have been issues prior with protocol handlers in Windows," said Storms. "Why would Microsoft make it possible for a protocol handler to call my local file system? What's the validity of that?"