Cluley said that vulnerability researchers sometimes need to be realistic about the processes a firm needs to go through to evaluate a vulnerability report, replicate the behavior, produce a fix, test that the fix does not cause any other problems and incompatibilities and then roll it out to millions of users.
"Generally, Microsoft's security team does an excellent job," he said. "Vulnerability researchers should work closely with Microsoft to fix problems responsibly, rather than risking assisting malicious hackers."
The question of when vulnerabilities are made public, however, doesn't address an even bigger problem facing software users, said George Tubin, a senior security strategist with Trusteer.
"Vulnerabilities are there whether they're disclosed or not, and there are other vulnerabilities out there right now that we don't know about but somewhere down the road we will find out about them," Tubin said.
"We have to realize that the software we're using has vulnerabilities, and we need to put protections in place to protect us from them," he said.