After a short break since our Patch Tuesday Debugged analysis in January, it looks like we are going to have some delay with Patch Tuesday in February due to a last minute technical issue with the Microsoft release process.
Microsoft had previously indicated that it was going to change the update process for security-related fixes this month -- and a bug discovered during this process change may have caused the delay. Chris Goettl from Ivanti, offers this: “In the hours since Microsoft announced it was going to postpone Update Tuesday I have had a number of people asking if this delay was related to Microsoft’s change to a cumulative update model. If it were just one update that was delayed I would agree, but with all updates being delayed I think it is more of a Windows Update Services infrastructure issue." I would tend to agree.
Though at present this is pure speculation, I expect that Patch Tuesday is likely to happen next week on February 21.
This month's update cycle from Microsoft is especially important as a now critical zero-day vulnerability (CVE867968) has been reported related to how a component of the Microsoft SMB protocol handles traffic. This was initially reported as a denial of service attack, but now looks like to be rated as critical by Microsoft as it may lead to a more serious (RCE) remote code execution scenario. Expect this update -- when Microsoft delivers it -- to be a "Patch Now" update for all Microsoft platforms (server and desktops).
For those that are not using modern "evergreen" browsers such as Microsoft Edge or Google Chrome, please download the latest Flash update here.
Watch this space for an in-depth analysis of this month's Microsoft Update Tuesday, coming next week.
This article is published as part of the IDG Contributor Network. Want to Join?