Microsoft postpones Patch Tuesday

Patch Tuesday is the day when most system administrators sit down and perform critical patching of the systems under their control – or at least begin testing the updates and patches released by Microsoft, and planning their deployment.

Microsoft postpones Patch Tuesday

For some years now, Adobe has been releasing Flash Player and other updates on the same day, as starting with Windows 8 Flash Player came with the OS.

But this Patch Tuesday came and went, and Microsoft did not publish any updates, and the following official short explanation has been offered:

“Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.”

The company did not say when the updates are expected to be released.

Changes in the update release cycle

But even before that this Patch Tuesday was supposed to be unusual, as it was the day when Microsoft planned to completely switch from publishing security bulletins to offering information about the patches through an online database called Security Updates Guide.

Whether or not system administrators find the new information sharing method more or less helpful will depend on what information is actually shared.

Also, Microsoft has recently announced that individual patches will not be available but will be bundled together in the monthly Security update or monthly Cumulative update.

“If there is a problem in the patch for one kernel vulnerability for example, then all kernel or related vulnerabilities cannot be released as they are bundled together,” Amol Sarwate, Director of Engineering at Qualys, explained.

Again, it remains to be seen whether these changes will end up being helpful or not.

Adobe goes ahead

In the meantime, Adobe kept to the schedule and released three security updates, for Flash Player, Digital Editions, and Campaign. The update for Flash Player is the most important one, as it fixes issues that can allow attackers to take complete control of the system by tricking users into viewing malicious Flash content.

Finally, it’s good to mention that Apple has pushed out an unexpected security update for GarageBand, the music creation program that all Mac machines running OS X Yosemite and late have installed by default.

Cisco Talos has more details about the vulnerabilities the update fixes, but for most users is enough to know that if they open a maliciously crafted GarageBand project file, their system might end up compromised.

UPDATE: Microsoft has announced that they will deliver the updates initially scheduled for February as part of the planned March Update Tuesday (on March 14, 2017).