Microsoft Delays Patching Windows Zero-Day Vulnerability
Ashley Allen / 8 years ago
Microsoft’s new update policy for Windows Updates means that all fixes and revisions to the operating system are now delivered in one monthly rollup on the second Tuesday of each month, which has become known as Patch Tuesday, rather than incrementally as they are created.
February’s second Tuesday – 14th February – has come and gone, with no sign of the monthly Windows Update, despite an implicit urgency to patch a zero-day vulnerability that the Redmond company has been aware of for months. That vulnerability has now been made public by the researcher who found it, who released it on GitHub to encourage Microsoft to fix it. Instead, the company has revealed that it will not be releasing an update this month at all and will include this month’s updates in March’s rollup.
“Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems,” Microsoft said in a blog post. “This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.”
“After considering all options, we made the decision to delay this month’s updates,” it added. “We apologize for any inconvenience caused by this change to the existing plan.”
The post was amended soon after with the following:
“UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017.”
In the meantime, Windows will be at risk from a publicly available zero-day vulnerability for about four weeks. Good work, Microsoft.