Skip the navigation

No Microsoft security patches today, but two Vista fixes released

It last skipped a month without releasing security updates in September 2005

March 13, 2007 12:00 PM ET

Computerworld - As promised, Microsoft Corp. did not unveil any security fixes today. But it did push out several other patches it deemed "high priority," including two for Windows Vista.

The last time Microsoft went a month without releasing security fixes was September 2005.

Among the four updates Microsoft pegged as "non-security, high-priority" today were the usual monthly revamp of the Microsoft Malicious Software Removal Tool and new signatures for the Outlook 2003 and Outlook 2007 antispam filters.

One Vista-specific update was also on the list, as was another that affected both XP and Vista.

The first, dubbed "March 2007 Windows Vista Application Compatibility Update," added compatibility "shims" -- code that makes an application think it's actually running on a pre-Vista PC -- for older Windows titles, including Trend Micro's Internet Security, Windows Server 2003 (SP1) Administration Tools Pack and RealNetworks' RealPlayer 6.0.12.

The second was another revision to the Windows Media Format 11 SDK (software developer's kit) code. In the associated support document, Microsoft said that the update corrected a problem that some portable music players had in synchronizing data with subscription services.

The rare no-patch Tuesday caught some security analysts and professionals trying to figure out how to spend their free time. "Relax, take a breath," suggested Minoo Hamilton, senior security researcher with patch management vendor nCircle Network Security Inc.

"The pressure's on Microsoft to put out solid patches," said Hamilton when asked why he thought Microsoft skipped March's regularly scheduled patch day.

Microsoft's official explanation was along that line. "Microsoft continues to investigate potential and existing vulnerabilities," a representative wrote in an e-mail last week when the company announced it would do without updates. "All updates need to meet testing standards in order to be released."

"This could be what they're dealing with, or the patches are just more complicated than usual," said Hamilton. The former, however, was his bet. "Obviously, they take patch quality very seriously now. Maybe they just feel that the bar is so much higher"

The updates were made available via the consumer-oriented Microsoft Update and Windows Update services, and the enterprise-oriented Software Update Services (SUS) and Windows Server Update Services (WSUS).

Read more about Windows in Computerworld's Windows Topic Center.

Our Commenting Policies
Consumerization of IT: Be in the know
consumer tech

Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!