Security threats Toolkit

'Critical' Windows update suspended

Joris Evers CNET News

Published: 12 Sep 2005 09:10 BST

Next week's "Patch Tuesday" was already going to be quiet, with an update only for Windows. On Friday, Microsoft pulled that update, saying more testing is needed.

"Late in the testing process, Microsoft encountered a quality issue that necessitated the update to go through additional testing and development before it is released," the software maker said in a statement on its Web site.

The last-minute recall comes a day after Microsoft announced that it would release on Tuesday one security bulletin that addresses an unspecified number of flaws in Windows. The bulletin was deemed "critical", meaning that users would be at risk of a malicious Internet worm attack that could spread without any user action. Critical is Microsoft's highest risk rating.

Microsoft releases patches every second Tuesday of the month so that people can anticipate the patches. The company provides some information in advance on the Thursday before each of these Tuesdays to give an additional heads-up to users.

Microsoft has not specified the security bugs its planned Windows update would fix. Over the last few weeks, several security researchers have come forward with flaws in Internet Explorer, Windows' default browser. Some of these vulnerabilities could let an attacker gain control of a user's PC.

In August, Microsoft released six security bulletins, including three deemed "critical" for Windows. Last month's patches also included a critical alert for Windows flaws. One of the flaws was exploited days later by the Zotob worm that wreaked havoc on Windows 2000 systems worldwide.

The postponed Windows patches are now likely to be released next month because Microsoft typically sticks to its monthly cycle. However, if deemed necessary to protect Windows users against attacks, the patch might be released sooner.