By Joris Evers
Staff Writer, CNET News.com
March 8, 2007
Microsoft has no new security updates planned for Tuesday, despite at
least five zero-day vulnerabilities that are waiting to be fixed.
In a note on its Web site Thursday, Microsoft said it won't release any
security bulletins, yet it will release several updates that are not
related to security. The second Tuesday of the month is Microsoft's
scheduled patch release day.
Also on Tuesday, Microsoft will go ahead with an updated release of its
Windows Malicious Software Removal Tool. The program detects and removes
common malicious code placed on computers and is pushed out monthly.
The patch break could be a welcome respite for IT managers still busy
testing the dozen fixes Microsoft released last month. Also, many IT
pros may be occupied with the switch to daylight saving time, which at
the behest of Congress, is happening three weeks earlier this year. Many
computer systems don't have that change programmed in and require
Microsoft occasionally has months when it has not released security
updates. The last time Microsoft did not offer security updates as part
of its monthly update cycle was September 2005, the company said.
"Microsoft continues to investigate potential and existing
vulnerabilities in an effort to help protect our customers," a company
representative said on Thursday. "Creating security updates that
effectively and comprehensively fix vulnerabilities is an extensive
process involving a series of sequential steps."
Still, the lack of security updates also means that cybercrooks have
more time to exploit known security vulnerabilities. There are five
known zero-day holes in Microsoft products, according to eEye Digital
Security. Microsoft has warned that a bug in Word is being exploited in
attacks. The company has said it is working on a fix.
Visit the InfoSec News Security Bookstore