Microsoft has pulled four bulletins from its announced list of Patch Tuesday fixes, but did not specify why it was backpedalling on the security releases.
It now plans to issue four security bulletins on Tuesday, rather than the eight originally announced, the software giant said on Friday in an updated notice on its Web site.
Three bulletins will contain fixes for Office, at least one of which will be rated "critical," Microsoft said. Critical vulnerabilities typically can allow a worm to spread or allow a Windows system to be fully compromised with minor or no interaction from the person using it. The fourth bulletin, for Windows, is also tagged critical.
On Thursday, Microsoft listed eight bulletins it intended to issue next week in its monthly patch cycle. It appears to have pulled two bulletins for Windows, one for Windows and Visual Studio and one for Windows and Office. These patches will now likely be released on a future Patch Tuesday.
The software giant did not provide any explanation for pulling the bulletins only a few days before their scheduled release.
"There are many factors that impact the release of a security update, and every vulnerability presents its own unique challenges," a Microsoft representative said in an e-mailed statement.
The company does not specify ahead of time which security vulnerabilities are addressed by its patches. As a result, it's unknown what security holes will now be left without a fix. eEye Digital Security, on its Zero-Day Tracker Web site, lists eight zero-day vulnerabilities that Microsoft still has to address, with four each in Office and Windows.
Zero-day vulnerabilities are security holes that have been publicly disclosed without a fix being available. In some cases, exploit code may be available for such a flaw, and there may be cyberattacks that take advantage of it. However, Microsoft's patches often address vulnerabilities that have not been publicly disclosed.
The company sometimes deviates from the Patch Tuesday advance notification. Last month, for example, it issued one more security bulletin than it had said it would. It has also dropped bulletins, citing quality issues. However, it has never before pulled four bulletins.
Sadly Microsoft again shows us that they are incapable of delivering a secure product or support. The millions or more that is then required to be spent by business and home users to repair these holes or their destruction is unconscionable. Vista has already proven t be a joke in this regard and business none the less is "forced" to upgrade under their licensing agreements.
Historically a new Windows platform has over 200,000 bugs identified in the first year. Nice. Microsoft forces the user to debug their garbage and pay out of their pocket to fix it. What a business model!!! Moralof thestory: Don't even think of upgrading until the release of the first service pack..typically a year after intial release.
Microsoft has perfected the redistribution of your wealth to themselves and others.