Security threats Toolkit

No patches this Tuesday from Microsoft

Joris Evers CNET News.com

Published: 09 Mar 2007 09:22 GMT

Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed.

In a note on its website on Thursday, Microsoft said it won't release any security bulletins, yet it will release several updates that are not related to security. The second Tuesday of the month is Microsoft's scheduled patch release day.

Also on Tuesday, Microsoft will go ahead with an updated release of its Windows Malicious Software Removal Tool. The program detects and removes common malicious code placed on computers and is pushed out monthly.

The patch break could be a welcome respite for IT managers still busy testing the dozen fixes Microsoft released last month. Also, many IT pros in the US may be occupied with the switch to daylight saving time, which at the behest of Congress is happening three weeks earlier this year. Many computer systems don't have that change programmed in and require patching.

Microsoft occasionally has months when it has not released security updates. The last time Microsoft did not offer security updates as part of its monthly update cycle was September 2005, the company said.

"Microsoft continues to investigate potential and existing vulnerabilities in an effort to help protect our customers," a company representative said on Thursday. "Creating security updates that effectively and comprehensively fix vulnerabilities is an extensive process involving a series of sequential steps."

Still, the lack of security updates also means that cybercrooks have more time to exploit known security vulnerabilities. There are five known zero-day holes in Microsoft products, according to eEye Digital Security. Microsoft has warned that a bug in Word is being exploited in attacks. The company has said it is working on a fix.