Microsoft's hand may be forced if recent online reports are accurate. Those reports, citing researchers who said they have spotted exploits of the IE bug being served by other compromised websites, may indicate an uptick in the number of attacks, often a factor in whether Microsoft issues an emergency update.
Narang was unable to confirm the additional attack sources, or say whether Elderwood was behind them.
Attack code, however, has been public since Saturday, Dec. 29, when a module was added to the open-source Metasploit penetration testing framework, a tool used by legitimate researchers and cyber criminals alike.
Sign up for CIO Asia eNewsletters.