14 DAY TRIAL // Microsoft has confirmed in a post that this month’s security updates would launch in March, as the February 2017 Patch Tuesday was delayed due to a last-minute bug.
Originally, Microsoft said it decided to hold back the release of new updates because of issues that it didn’t want to disclose, and although it was believed that all patches could go live next Tuesday, the firm says this is not the case.
Instead, Microsoft will release all updates on the next Patch Tuesday cycle taking place on March 14, as the company explains in an update to the original post.
“We will deliver updates as part of the planned March Update Tuesday, March 14, 2017,” the firm said today without providing any other information on what went wrong.
“Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today. After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan,” Microsoft also explained in the original announcement.
Zero-day flaw with public exploit code
The worst thing right now is that the delay of Patch Tuesday to March 2017 means that the company won’t release a patch for the zero-day SMB vulnerability whose exploit code has already been posted online.
According to the US-CERT, the SMB security flaw is already being exploited by cybercriminals, and there is no 100 percent effective workaround, with security experts previously pointing out that a Microsoft patch was absolutely mandatory to keep users secure.
Without such a patch, users remain vulnerable for one more month, and the existing workaround involves blocking outbound SMB connections (TCP ports 139 and 445, along with UDP ports 137 and 138) from the local network to the WAN.