I find this hard to figure out why MS and other vendors do things like this.
Ok so you are warning your users to be on the look out for a remote code exploit, thats great because they all know what they are looking for…
What can they do about it? well not go on the internet, but then how are they going to get updates and read your warnings?
Ok use another browser, that has same issues.
Why not release a fix for the issue? I know the once a month patch thing is nice for a lot of sysadmins. but it’s even better for someone that wants to release attack code, just wait until the first Tuesday of the month, release your code and you have 30-31 days of free rides!
If the issues are really that bad, I would think that it would be patched or why bother releasing it?