This one surprised me and probably will surprise you, as well.
As of this morning, there are at least two "third party" patches for the outstanding IE vulnerability, they are gaining acceptance among those who make the decisions about what to install and when in the data center.
With the availability of a perfectly effective workaround (disabling ActiveX controls) I can't see any sense in using that and waiting for Microsoft's precious patching schedule to deliver the official one. The only possibly mitigating factor in this decision is if my users depend on ActiveX for some important functionality. Absent that, I wait for MS.
Perhaps MS should break their schedule and release early. As I don't know the ins and outs of what is happening in Redmond, I can't say for sure whether or not they could successfully do that.
Of course; I can just use Firefox.