Microsoft has officially released a roll-up patch for its software to the Windows Update platform, including patches scheduled for March's Patch Tuesday as well as those originally scheduled for February's cancelled Patch Tuesday - though it remains silent on the reason for said cancellation.
The patches originally scheduled for release last month have finally hit Windows Update as part of March's Patch Tuesday bundle, including fixes for six publicly-disclosed and exploited security vulnerabilities.
Microsoft has been following its Patch Tuesday release schedule - which it has previously unsuccessfully attempted to rebrand to Update Tuesday in order to skirt the negative connotations of the word 'patch' - for many a year now, scheduling the release of both security and feature updates for the second Tuesday of each month. In doing so the company claims it aids system administrators in knowing when to put aside time for testing and release, though it has previously broken the cycle in order to send out particularly critical security updates known to be under active exploitation ahead of time.
Last month, however, the second Tuesday came and went with no sign of any updates from Microsoft. The company issued a brief statement which claimed a 'last minute issue that could impact some customers [...] was not resolved in time for our planned updates today,' while describing the move as a 'delay' - only to issue an updated statement the next day confirming the outright cancellation of the updates, despite the presence of actively-exploited security vulnerabilities in the company's Windows platform.
While Microsoft would release out-of-band security patches for Adobe's Flash Player software later that month, the remainder of the updates were bumped to March's Patch Tuesday bundle which was released last night with no explanation for the original delay.
The major patches contained in the March Patch Tuesday bundle concern five high-severity remote code execution vulnerabilities in the company's software, which Microsoft has rated as particularly easy to exploit. Six vulnerabilities, meanwhile, have been previously made public or are known to be under active exploitation, including flaws in Internet Explorer and Edge, flaws in the Server Message Block (SMB) networking protocol, flaws in the Graphics Device Interface (GDI), a privilege escalation vulnerability in the Windows kernel itself, and an information disclosure vulnerability in the platform's XML Core Services.
A full list of the security patches found in the March Patch Tuesday release is available on the Microsoft Security TechCentre website.