Advertisement
Promo

Security threats Toolkit

Microsoft backpedals on security patches

Joris Evers CNET News

Published: 08 Jan 2007 09:28 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Microsoft has pulled four bulletins from its announced list of Patch Tuesday fixes, but did not specify why it was backpedalling on the security releases.

It now plans to issue four security bulletins on Tuesday, rather than the eight originally announced, the software giant said on Friday in an updated notice on its website.

Three bulletins will contain fixes for Office, at least one of which will be rated "critical", Microsoft said. Critical vulnerabilities typically can allow a worm to spread or allow a Windows system to be fully compromised with minor or no interaction from the person using it. The fourth bulletin, for Windows, is also tagged critical.

On Thursday, Microsoft listed eight bulletins it intended to issue next week in its monthly patch cycle. It appears to have pulled two bulletins for Windows, one for Windows and Visual Studio and one for Windows and Office. These patches are now likely to be released on a future Patch Tuesday.

The Redmond, Washington-based software giant did not provide any explanation for pulling the bulletins only a few days before their scheduled release. "There are many factors that impact the release of a security update, and every vulnerability presents its own unique challenges," a Microsoft representative said in an emailed statement.

The company does not specify ahead of time which security vulnerabilities are addressed by its patches. As a result, it's unknown what security holes will now be left without a fix. eEye Digital Security, on its Zero-Day Tracker website, lists eight zero-day vulnerabilities that Microsoft still has to address, with four each in Office and Windows.

Zero-day vulnerabilities are security holes that have been publicly disclosed without a fix being available. In some cases, exploit code may be available for such a flaw, and there may be cyberattacks that take advantage of it. However, Microsoft's patches often address vulnerabilities that have not been publicly disclosed.

The company sometimes deviates from the Patch Tuesday advance notification. Last month, for example, it issued one more security bulletin than it had said it would. It has also dropped bulletins, citing quality issues. However, it has never before pulled four bulletins.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
60 out of 68 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

DNA details of innocent will be kept f...

The government has announced that it plans to keep innocent people's DNA details for up to six years. In response to a consultation it launched last December, the government said... More

4 comments

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters