Microsoft takes a 'Patch Tuesday' break

Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed.

In a note on its Web site Thursday, Microsoft said it won't release any security bulletins, yet it will release several updates that are not related to security. The second Tuesday of the month is Microsoft's scheduled patch release day.

Also on Tuesday, Microsoft will go ahead with an updated release of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers and is pushed out monthly.

The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year. Many computer systems don't have that change programmed in and require patching.

Microsoft occasionally has months when it has not released security updates. The last time Microsoft did not offer security updates as part of its monthly update cycle was September 2005, the company said.

"Microsoft continues to investigate potential and existing vulnerabilities in an effort to help protect our customers," a company representative said on Thursday. "Creating security updates that effectively and comprehensively fix vulnerabilities is an extensive process involving a series of sequential steps."

Still, the lack of security updates also means that cybercrooks have more time to exploit known security vulnerabilities. There are five known zero-day holes in Microsoft products, according to eEye Digital Security. Microsoft has warned that a bug in Word is being exploited in attacks. The company has said it is working on a fix.

[System Tyrant]

Taking a break.

I really don't care.

Personally I think they need to be pushing out security updates as soon as they are available. They can wait on feature updates.

[Robynsnest613]

Then if they are taking a break.........

Why did I just receive 3 new updates today, Tuesday March 13, 2007

Windows Malicious Software Removal Tool - March 2007 (KB890830)

Update for Windows Media Format 11 SDK for Windows XP (KB929399)

Update for Windows XP (KB929338)

[Karl Viklund]

Microsoft?

Very very nice. Thanks Microsoft.
Please take some advice and learn from the Open Source people when it comes to patches. If there is a flaw, then patch it and release the patch as soon as possible. It doesn't help companies, not normal people that you not release patches for know security flaws.

There is no such thing as Windows Security.

[fc11]

This article tries to fool people.

The 5 flaws posted by e-Eye are all of quite low severity. For example. the word flaw require people to open a word infected docuement. Even if there is no such flaws, are you confortable to open a word (or open office) document from an untrusted source?

On the number of flaws, it is quite unfair to compare Microsoft flaws to Firefox. A better comparison is between Microsoft and Firefox, Linux, Oracle database, open office, and Apache. You will be suprised to find how many flaws that these other software have in combination, and how many flaws are not yet patched.

Anyway, it an article is critical of Microsoft, people will believe it automatly, right? The golden rule of jounalism is that you want to write what people want to read, in order to entertain them.

[wbenton]

Security Basics 101

>>> The 5 flaws posted by e-Eye are all of quite low severity.<<<

Critical flaws are to be patched in 24 hours... non critical flaws are to be patched in 72 hours.

Low severity means non-critical and as such should be patched within 72 hours.

That's the norm... except for Microshaft!!!

Patch Tuesday is also incorrect... Tuesdays occur every week of the month... 52 times per year!!!

But Microsoft doesn't come out with 52 patches... they only patch monthly which means 12 times a year... less one for this year making it 11 per year.

Thus why applaud Microsoft for renigging on it's user's security concerns?

Walt

[Dalkorian]

Fools

fc11 added this thought to the conversation:

"The 5 flaws posted by e-Eye are all of quite low severity. For
example. the word flaw require people to open a word infected
docuement. Even if there is no such flaws, are you confortable to
open a word (or open office) document from an untrusted
source?"

First off, it's only "low severity" because unlike most Winblows
issues, the user actually has to do something to become infected
(like open a Word document). It doesn't automatically corrupt
and/or take over your computer all by itself without you even
being there.

Secondly, as to the comment about opening Word documents
from untrusted sources, I wouldn't think twice about doing this
in most cases. But every one of those cases involves me being
on any computer that isn't running Winblows. Linux, OSX ...
typically no worries.

Of course, Word is a Micro$loth product, so maybe I would think
twice. Micro$loth hasn't ever had a clue as to what the word
"security" even means, let alone how to do it. The point is I
might open an unknown/untrusted Word document on a decent
OS, but I would NEVER open the same document on a Winblows
box, no matter what. That's just suicide.

[rubenerd]

Resources available to fix problems?

How much money does Microsoft have again?

[wbenton]

Sad state of affairs if you ask me...

>>>five zero-day vulnerabilities that are waiting to be fixed.<<<

And yet MS takes "a break"?.

Need a headline re-write...

Microsoft renigs on it's security vow...

OR

Microsoft decides to ignore critical zero-day flaws...

OR

Microsoft abandons users to give their patch people a break...

Now those are headline making material... but being on the Microsoft payroll... I CANNOT AGREE... But understand the watering down of the headline!!!

GET YOUR STAFF OFF THE MS PAYROLL and report it LIKE IT IS!!!

Walt