Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / Patch Tuesday Security Updates Nixed
Patch Tuesday Security Updates Nixed
Patch Tuesday Security Updates Nixed
By Jennifer LeClaire / NewsFactor Business Report Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus

With Daylight Savings Time patches being deployed and tested, corporate I.T. administrators can catch their breath next week as Microsoft scrubs its monthly Patch Tuesday release.

Despite eEye Digital Security's Zero-Day Tracker showing at least five zero-day software vulnerabilities are as yet unaddressed, Redmond said it has no plans to issue new software security updates in March.

Last moth, Microsoft released 12 updates that patched 20 security holes in its products. January saw four security bulletins that addressed 10 bugs. Redmond is reportedly developing fixes for vulnerabilities in Publisher 2007, Internet Explorer 7, and Windows Vista, but I.T. admins will have to wait until at least April to plug the security holes.

Security Researchers Puzzled

Microsoft has only skipped Patch Tuesday a few times since it launched the monthly security patch distribution cycle in 2003. Microsoft's last Patch Tuesday time out was September 2005. Security researchers are offering various responses to the news.

"We were not expecting this and we're not sure what to make of it," said Mikko H. Hypponen, chief research officer at F-Secure.

PI Dynamics Security Evangelist Michael Sutton, however, has some definite opinions. He said that, while there can be little doubt that coordinating a patch release takes a tremendous amount of planning and effort, it is cause for concern when an opportunity to release patches for unpatched vulnerabilities expires without action.

"You will find no fewer than a dozen vulnerabilities that have been reported to Microsoft," Sutton said, noting advisories posted by TippingPoint and eEye. "Many of the advisories are several months old, so it is difficult to accept that Microsoft has not had sufficient time to prepare an patch."

A Welcome Reprieve?

Meanwhile, Thomas Kristensen, CTO of Secunia, said he has the impression that many I.T. admins welcome the monthly patch reprieve. What's more, he said he is confident that Microsoft would have released patches on Tuesday if they were ready.

"Generally speaking, it just seems like Microsoft cleared their pipeline last month, which is good as all security fixes ought to go out as soon as possible after they have been through quality assurance testing," Kristensen said. From his perspective, malicious code writers probably won't gain any ground in next 30 days despite the unpatched bugs.

Microsoft still plans to release an updated version of its Windows Malicious Software Removal Tool on March 13, and also will release two high-priority, nonsecurity updates for Windows through the Windows Update and Software Update services and four high-priority, nonsecurity updates through Microsoft Update and Windows Server Update services.

Microsoft could not immediately be reached for comment on its decision not to issue security patches this month.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.