[U: Delayed Until March] Uh Oh! Microsoft Delays Patching Publicly-Released Windows Zero-Day Bug

Author Photo
Feb 16, 2017
13Shares
Submit

[Update]: Microsoft has said that the updates to critical security flaws will now be released “as part of the planned March Update Tuesday,” on March 14, 2017 – a whole month after they were supposed to go live.

For the first time (ever?), Microsoft delays Patch Tuesday releases

Every month, Microsoft delivers fixes to security exploits along with other improvements. Following reports of a publicly known zero-day bug, today’s update was expected to be an important one. Redmond software giant, however, said in a blog post today that the company is delaying the release due to a last minute issue that couldn’t be fixed in time for Patch Tuesday releases.

microsoft-bug-bountyRelatedIntelligence Agencies Start Sharing Vulnerabilities – UK’s GCHQ Helps Microsoft Fix Flaws in Windows Defender

Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.

Microsoft didn’t share any further details on what exactly the last minute issue is. It also isn’t immediately clear when the patches will be made available. We have contacted Microsoft and will update if the company shares any more details.

This appears to be the first time ever since Microsoft began to release security patches on the second Tuesday of each month that the company hasn’t managed to deliver updates at the scheduled time. Microsoft had modified its patching schedule last year. The company isn’t expected to publish security bulletins starting this month, replacing them with an online database called Security Updates Guide. In January, both the security bulletins and release notes in the Security Updates Guide were published.

Following January’s Patch Tuesday which consisted of only four bulletins, including one for Flash Player exploits, today’s release was expected to be a big one. The company was reported to fix a denial-of-service (DoS) flaw in Windows which has public exploit code. Earlier in February, a security researcher released a Windows Server zero-day exploit on GitHub after Microsoft failed to release a fix, delaying it until Patch Tuesday despite being warned three months ago.

windows-10-30Related[Update] Microsoft May Have Broken Windows Update for Some Windows 7 Users – How to Fix Error 80248015

The zero-day security vulnerability is now available in the wild, with even the scheduled February 14 update unable to bring a fix due to that unspecified bug. The public disclosure of zero-day had triggered a security advisory from the US-CERT Coordination Center (CERT/CC).

Submit