Microsoft Patch Tuesday delayed while 9 vulnerabilities remain

Alex Zaharov-Reutt
Friday, 09 March 2007 21:50

Your IT - Home IT

It’s the first time since September 2005 that Microsoft will completely miss patching any critical flaws on ‘Patch Tuesday’, with only non-critical patches due to arrive thanks to problems in fixing 9 outstanding vulnerabilities.

Because Microsoft is not happy with the quality of critical patches due for Patch Tuesday, which always falls on the second Tuesday of the month, Microsoft is delaying their release, presumably until Patch Tuesday falls in April, although Microsoft could issue the patches earlier if it so desires.

The most serious of the critical bugs affects Word 2000 and XP, where the vulnerability can be is known to have been already exploited on a small scale to remotely take control of an affected computer, although outstanding patches are also due for IE7, Publisher 2007 and Vista.

Patch Tuesday started way back in the days of Windows 98, and as Microsoft has not always delivered patches on time, the term ‘Exploit Wednesday’ has arisen to describe the malicious software exploits that hackers have written to take advantage of as –yet unpatched vulnerabilities.

Microsoft will however be the latest version of Micrsoft’s Windows Malicious Software Removal Tool, which receives monthly ‘Patch Tuesday’ updates. Microsoft will also release six other “non-security high-priority updates” but has not as yet specified what they are or pertain to other than being for Windows.

A Microsoft spokesman said that “Microsoft continues to investigate potential and existing vulnerabilities in an effort to help protect our customers. Creating security updates that effectively and comprehensively fix vulnerabilities is an extensive process involving a series of sequential steps.”