Microsoft’s Patch Tuesday came and went this week without any patches.
The Redmond company’s monthly batch of security updates for its range of software, scheduled for release Tuesday, has been delayed until March, the company said, citing an unspecified “last minute issue that could impact some customers.”
The company says it will deliver updates on March 14 instead.
The delay means there is no Microsoft-built cure for a publicly disclosed vulnerability in a Windows file-transfer system that affects versions of the operating system including Windows 10, Windows 8.1 and editions of Windows Server. The vulnerability, if exploited, could cause computers to crash.
Michael Cherry, an analyst who tracks the company at research firm Directions on Microsoft, said he had never seen Microsoft scrap a monthly patch release entirely. “This is the first time we’ve seen nothing at all,” he said.
Microsoft in recent years has moved away from allowing customers to pick and choose which bug and security fixes to install, instead favoring a model that requires customers to take all of the fixes the company has come up with.
It’s an effort at standardization, with the goal of enforcing higher security and reducing the number of versions of software Microsoft has to support.
Such bundling limits Microsoft’s flexibility to suspend the delivery of specific patches if errors are found late in the process, Cherry said. “I don’t think they thought through that consequence of this model,” he said
A Microsoft spokeswoman declined to comment beyond the brief blog post announcing the delay.