News

Microsoft's February Security Patch Delayed

• By Kurt Mackie
• 02/14/2017

Microsoft's February "patch Tuesday" release did not arrive as scheduled.

The reason for the delay was briefly explained in this Microsoft Security Response Center announcement. Microsoft attributed the delay to "a last minute issue that could impact some customers and was not resolved in time for our planned updates today." No information was provided on when February's security updates would arrive.

Typically, Microsoft releases its security patches on the second Tuesday of every month in a so-called "update Tuesday" release. It's been a rolling tradition, like clockwork and seemingly without pause, until today.

IT pros who address patch management tasks have often been disturbed by quality issues associated with the more frequent Windows 10 update process. If quality were the issue, though, any delay by Microsoft might be considered a relief of sorts.

Microsoft now releases updates to all of its supported Windows systems as cumulative updates. Cumulative updates contain all previous updates for the operating system. However, one bad patch in a cumulative update wouldn't necessarily cause a patch Tuesday delay, according to speculation by Chris Goettl, a product manager with Ivanti (formerly known as "Shavlik).

"Now, speculation as to if this was an issue with one of the cumulative updates that caused this delay is not entirely unfounded, but thinking about this, if it were one update that was broken Microsoft could release everything else," Goettl surmised, in a released statement. "The fact is, Microsoft didn¹t release anything, which sounds more like an infrastructure issue."

Goettl noted that the patch delay also means there's a delay in addressing a zero-day Windows SMB vulnerability that was publicized earlier this month by U.S. CERT. The flaw was thought to be getting a fix today.