To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39166274,00.htm

Microsoft to skip a Patch Tuesday
Zero-day holes will have to wait...

By Joris Evers

Published: Friday 09 March 2007

Microsoft has no new security updates planned for next Tuesday, despite at least five zero-day vulnerabilities waiting to be fixed.

In a note on its website, Microsoft said it won't release any security bulletins, yet it will release several updates that are not related to security. The second Tuesday of the month is Microsoft's scheduled patch release day.

Also on Tuesday, Microsoft will go ahead with an updated release of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers and is pushed out monthly.

The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many US IT pros may be occupied with the switch to daylight saving time, which at the behest of Congress, is happening three weeks earlier this year. Many computer systems don't have that change programmed in and require patching.

Microsoft occasionally has months when it has not released security updates. The last time Microsoft did not offer security updates as part of its monthly update cycle was September 2005, the company said.

A company representative said: "Microsoft continues to investigate potential and existing vulnerabilities in an effort to help protect our customers. Creating security updates that effectively and comprehensively fix vulnerabilities is an extensive process involving a series of sequential steps."

Still, the lack of security updates also means cyber crooks have more time to exploit known security vulnerabilities. There are five known zero-day holes in Microsoft products, according to eEye Digital Security. Redmond has warned that a bug in Word is being exploited in attacks. The company has said it is working on a fix.

Joris Evers writes for CNET News.com