According to Angela Gunn, security response communications manager at Microsoft, the company's ability to monitor the threat landscape allowed it to determine that attempts to attack the Internet Explorer vulnerability were very low, so there was no need for an out-of-cycle patch.
The other Windows issues are rated important or moderate.
The Office bulletin concerns Visio 2002, 2003 and 2007. It addresses a vulnerability that allows a maliciously crafted file to trigger remote code execution.
Microsoft also released a number of non-security updates, but one of them is all about security. Adam Shostack, program manager in Microsoft's Trustworthy Computing Security operation explained that "we reserve the term 'Security Update' to mean 'a broadly released fix for a product-specific security-related vulnerability.'"
So the update that changes the operation of Windows' Autorun feature is instead described as an "Important, non-security update."