On Sept. 19 — last Thursday — HD Moore, the chief security officer of Rapid7 and the creator of Metasploit, said that no exploit module for the IE bug had yet been added to the toolkit.
If attacks do ramp up, Microsoft would be much more likely to issue an "out-of-band" security update to plug the hole. The next regularly-scheduled Patch Tuesday is more than two weeks away, slated for Oct. 8.
However, out-of-band updates from Microsoft are rare: The last one was MS13-008, an emergency patch issued Jan. 14 that dealt with a vulnerability in IE6, IE7 and IE8 that had been exploited for about six weeks.
Users can also temporarily ditch IE for an alternate browser, such as Google's Chrome or Mozilla's Firefox, to stay safe until Microsoft comes up with a permanent fix.
Sign up for CIO Asia eNewsletters.