Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Microsoft Postpones February Security Updates to March 14

Microsoft has informed customers that the February security updates, which the company delayed due to unspecified issues, will only be released next month as part of the planned Update Tuesday.

Microsoft has informed customers that the February security updates, which the company delayed due to unspecified issues, will only be released next month as part of the planned Update Tuesday.

The February 2017 security updates should have been released on Tuesday, but the company told users that the patches had to be delayed “due to a last minute issue that could impact some customers.”

Microsoft shared an update on Wednesday, saying that the February patches will be merged with the ones scheduled for release on March 14.

Johannes B. Ullrich, dean of research at the SANS Technology Institute, believes this is “probably overall the least disruptive solution at this point.”

Since Microsoft decided to postpone the release of the security fixes by a full month, it is likely that none of the vulnerabilities they were supposed to address are critical, although many are concerned about an unpatched denial-of-service (DoS) flaw in Windows caused by how SMB traffic is handled.

It’s still unclear what the last minute issue is, but many believe it could have something to do with cumulative updates. Although, some experts speculated that there may have been a different problem.

“Before the cumulative update model, a single patch could be pulled from the release without impacting the entire Patch Tuesday release. Now, speculation as to if this was an issue with one of the cumulative updates that caused this delay is not entirely unfounded, but thinking about this, if it were one update that was broken Microsoft could release everything else,” said Chris Goettl, product manager with Ivanti. “The fact is Microsoft didn¹t release anything, which sounds more like an infrastructure issue.”

In addition to the SMB-related vulnerability, the next security updates could patch a medium-severity information disclosure flaw discovered by Google Project Zero researchers. The weakness, tracked as CVE-2017-0038, was reported to Microsoft on November 16 and its details were disclosed on Wednesday after the 90 day deadline.

Advertisement. Scroll to continue reading.

Microsoft will no longer publish security bulletins, replacing them with an online database called Security Updates Guide.

Related: Microsoft Releases Only Four Bulletins on January 2017 Update Tuesday

Related: Microsoft Patches Several Publicly Disclosed Flaws

Related: Microsoft Patches Windows Zero-Day Exploited by Russian Hackers

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...