Microsoft cancels February Patch Tuesday despite 0-day in wild

Microsoft's monthlong delay of patches may pose risks

February was supposed to be the first month when Microsoft was expected to publish information about vulnerabilities and patches on a new portal called the Security Updates Guide instead of organizing it in Security Bulletins, as it has been doing for nearly two decades.

In a blog post, Microsoft blamed an unspecified last minute issue for the delay, however it would not go into specific detail as to what was involved. 'After considering all options, we made the decision to delay this month's updates. "We apologize for any inconvenience caused by this change to the existing plan", added the company.

Microsoft's patch deferral this month is a historic event of sorts. This week, Microsoft announced it would be missing its Tuesday release target due to an unforeseen issue.

Under the previous policy, Microsoft could delay a single patch - when, for example, that patch had not been completed or properly tested in time - without impeding the company's ability to release all other fixes. Microsoft has been moving its older operating systems towards a cumulative update model similar to the one it uses for Windows 10.

"There were some people who were concerned that if we can not install one patch individually, and then something goes wrong with one patch, we can not uninstall just that patch", Sarwate said.

Microsoft needs to quickly provide an update when the patches will arrive so that administrators can prepare, Sarwate said. The flaw is present in most versions of Windows and could leave users open to attacks that let hackers crash vulnerable machines. He learned about the Patch Tuesday delay from a bulletin on the SANS Institute Internet Storm Center site.

No date has been given for when the delayed update will be delivered. However, it is worth pointing out just in case. It's easier to identify new issues with certain devices this way, and if one issue needs to be fixed, users won't be denied dozens of other security fixes for weeks or months.

Now You: What do you think happened that forced Microsoft to postpone the February 2017 Patch Day?

Related:

Comments


Other news