bit-tech.net

Microsoft misses Patch Tuesday following 'last minute issue'

Microsoft misses Patch Tuesday following 'last minute issue'

Microsoft has missed Patch Tuesday, following the discovery of a 'last minute issue' in the roll-up patches it was due to introduce this month.

Microsoft has broken with tradition and delayed the release of February's Patch Tuesday software updates, following the discovery of what the company has described as a 'last minute issue'.

For years, Microsoft has followed a rigorous patching schedule that sees operating system and other software updates released on the second Tuesday of every month - colloquially known as Patch Tuesday, despite Microsoft's unsuccessful efforts to rebrand the monthly event as Update Tuesday as a means of sidestepping the negative connotations of 'patch' as covering 'holes' in the software. It typically takes a serious problem for Microsoft to veer from this schedule: Out-of-band patches, released between Patch Tuesdays, are few and far between, and it's unheard of for the company to skip a Patch Tuesday altogether. Until now, anyway.

'Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today,' Microsoft explained in a statement published late last night. 'After considering all options, we made the decision to delay this month’s updates. We apologise for any inconvenience caused by this change to the existing plan.'

Thus far, Microsoft has neither provided a revised schedule for the software's release nor an explanation of exactly what issue is so serious as to delay the regular Patch Tuesday updates - especially given that it is known the patches include more than one designed to address critical security vulnerabilities in the company's operating systems. The delay may stem from Microsoft's recent decision to do away with individual patches in favour of monthly patch bundles: Under the old system, Microsoft would have been free to hold back - or pull entirely post-launch, as it has done in the past with faulty updates - selected updates, but under the new system it's all-or-nothing.

For Microsoft, though, it's a case of damned-if-you-do, damned-if-you-don't: Its decision to delay the updates beyond the regularly scheduled Patch Tuesday will win it no fans among corporate users who set aside the day for testing and rollout, but its previous approach of releasing patches with inadequate testing - including one which broke PowerShell and another which reset users' privacy settings, not to mention the multi-monitor breaking patch from January - was clearly not working either.

UPDATE 20170216:
Microsoft has updated its statement to confirm that it is entirely skipping February's Patch Tuesday release, leaving actively-exploited security vulnerabilities unpatched for a full month. ' We will deliver updates as part of the planned March Update Tuesday, March 14, 2017,' the company's updated statement reads, still without explanation as to the cause of the delay.

4 Comments

Discuss in the forums Reply
Paradigm Shifter 15th February 2017, 13:03 Quote
I'm surprised. Since the "bundle" updates, "last minute issue"(s) - or, indeed, well known in advance ones - haven't stopped them from releasing it anyway.

Hopefully, this will encourage MS to go back to making updates pick 'n' choose... but I doubt it.

Must have been a real humdinger of an 'issue' to make them delay it, however, given how much of a PITA some of the past ones have been.
Gareth Halfacree 16th February 2017, 10:15 Quote
Certainly was a humdinger: Microsoft has confirmed that it's completely skipping this month's Patch Tuesday, and that the patches will be added to March's Patch Tuesday rollup instead. Given that there are actively-exploited security vulnerabilities in the delayed bundle, that's pretty chuffin' serious.

Still no word on what the problem actually is, mind - but it's clearly serious. (It also shows the fragility of the new superhyperrolluppatch system: if this was back in the day, Microsoft could have just delayed the one patch that was buggered and sent the rest live.)
Corky42 16th February 2017, 16:10 Quote
What's most odd is that I've been reading this even applies to things like .NET and Office, this has lead people to speculate that Microsoft broke the Windows update system or that its been compromised by a third party.
Paradigm Shifter 18th February 2017, 14:19 Quote
Quote:
Originally Posted by Corky42
What's most odd is that I've been reading this even applies to things like .NET and Office, this has lead people to speculate that Microsoft broke the Windows update system or that its been compromised by a third party.
I have a hard time deciding which of those is scarier: that MS broke such an essential system so well... or that someone else got inside.

Either way, I find the frankly shocking level of communication from MS on this issue is just not good enough.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums