[ISN] Microsoft takes a 'Patch Tuesday' break

From: InfoSec News (alerts@private)
Date: Fri Mar 09 2007 - 00:04:18 PST


http://news.com.com/Microsoft+takes+a+Patch+Tuesday+break/2100-1002_3-6165647.html

By Joris Evers
Staff Writer, CNET News.com
March 8, 2007

Microsoft has no new security updates planned for Tuesday, despite at 
least five zero-day vulnerabilities that are waiting to be fixed.

In a note on its Web site Thursday, Microsoft said it won't release any 
security bulletins, yet it will release several updates that are not 
related to security. The second Tuesday of the month is Microsoft's 
scheduled patch release day.

Also on Tuesday, Microsoft will go ahead with an updated release of its 
Windows Malicious Software Removal Tool. The program detects and removes 
common malicious code placed on computers and is pushed out monthly.

The patch break could be a welcome respite for IT managers still busy 
testing the dozen fixes Microsoft released last month. Also, many IT 
pros may be occupied with the switch to daylight saving time, which at 
the behest of Congress, is happening three weeks earlier this year. Many 
computer systems don't have that change programmed in and require 
patching.

Microsoft occasionally has months when it has not released security 
updates. The last time Microsoft did not offer security updates as part 
of its monthly update cycle was September 2005, the company said.

"Microsoft continues to investigate potential and existing 
vulnerabilities in an effort to help protect our customers," a company 
representative said on Thursday. "Creating security updates that 
effectively and comprehensively fix vulnerabilities is an extensive 
process involving a series of sequential steps."

Still, the lack of security updates also means that cybercrooks have 
more time to exploit known security vulnerabilities. There are five 
known zero-day holes in Microsoft products, according to eEye Digital 
Security. Microsoft has warned that a bug in Word is being exploited in 
attacks. The company has said it is working on a fix.


_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Fri Mar 09 2007 - 00:14:25 PST