No patch Tuesday for Febuary 2017?

edited February 2017 in Software
http://www.ghacks.net/2017/02/16/no-february-2017-patch-tuesday/
Patch Tuesday is a recurring event on the second Tuesday of each month. Microsoft will release security patches for Windows operating system versions and other company products on that day.

An update to the original announcement on February 15, 2017 confirms that the February 2017 Patch Tuesday has been cancelled, and that the next batch of updates will be delivered on the March Patch Tuesday instead.
Microsoft is very vague in the announcement. First, it is not really clear if all updates are postponed, or if only a subset of updates are not delivered. While it seems clear that Windows updates are postponed, it is not really clear if the same is true for Office, Microsoft .NET or other Microsoft product updates.

Second, and this is the major problem for many probably, is that the postponing means that Flash has not been updated yet, and that the SMB Zero-Day vulnerability has not been patched either.

Third, we don't really know anything about the issue that delayed the release of security patches. This opens the door for speculation, and suggestions ranged from "what Microsoft said" to Windows Update servers may have been compromised.

Comments

  • The funny thing is, no matter how you spin it, it boils down to incompetents at Microsoft.

    I'm imagining something along the lines where they had to fire someone for that vulnerability, so they fire some hapless security patcher, but they forgot that was the only person doing the job as well as pushing out the updates, so now they are scrambling to bring in a fleet of more outsourced Indian labor to do the same job.

    Ok, probably not, but that level of incompetence.
  • SomeGuy wrote:
    I'm imagining something along the lines where they had to fire someone for that vulnerability, so they fire some hapless security patcher, but they forgot that was the only person doing the job as well as pushing out the updates, so now they are scrambling to bring in a fleet of more outsourced Indian labor to do the same job.
    Pitch that idea to some high budget television network, that would be the best television show ever. But I digress, Microsoft is probably filled with incompetents.
  • I wondered why I hadn't received my batch of updates this week... now I know why. Don't know if I should be concerned or not but if it's anything to do with Microsoft being rather lazy or incompetent, then that's their problem. But please, don't make it a repeat of last year where my system had not been updated for two months because of Windows Update being broken.
  • If programmers wrote stuff properly in the first place..... :)
  • SomeGuy wrote:
    The funny thing is, no matter how you spin it, it boils down to incompetents at Microsoft.
    I have another idea, involving some security agency preventing them from releasing the fixes because they have a big secret operation going on which relies on the vulnerabilities Microsoft was about to patch… but that's probably just my paranoia kicking in.
  • Even though we have no Patch Tuesday this month, at least that the latest Malicious Software Removal Tool had came to me today, as well as the usual Windows Defender updates every few days.

    Also, seeing as this has affected everyone else, I guess it's a major issue for 7, 8.1 and 10. Don't know about Vista though, even though that's to go off the blink in two months.
  • Nayab wrote:
    If programmers wrote stuff properly in the first place..... :)

    Yes, because fault free code in something as huge as Windows or Office is *totally* possible.

    Compared to some of the joyous things going in the OpenSSL camp recently, MS are saints.
  • BOD wrote:
    Nayab wrote:
    If programmers wrote stuff properly in the first place..... :)

    Yes, because fault free code in something as huge as Windows or Office is *totally* possible.

    Compared to some of the joyous things going in the OpenSSL camp recently, MS are saints.

    It still is odd that linux distros haven't migrated to LibreSSL.
  • LibreSSL version cycles are too short and lack an LTS release.

    BoringSSL might become popular in more embedded contexts though.
Sign In or Register to comment.