Despite the difficulty of keeping up with the rapidly evolving threat landscape, Microsoft Corp. has managed to issue new security updates for Windows consistently every month since 2003. As a result, company watchers were taken off guard on Wednesday when it announced that the patch originally scheduled for this Tuesday had been pushed back to March.
Microsoft attributes the delay to a “last minute issue” that was discovered sometime earlier this month and could not be resolved in time. Mary Jo Foley of ZDNet cited anonymous insiders as saying that the fault is with the company’s build system, but the length of the disruption suggests there may be other factors involved as well. Furthermore, there was a roughly 24-hour discrepancy between when the company first reported the setback and its decision to push back the release date by a month.
The move is given even more significance by the fact that Microsoft was expected to a patch a major vulnerability with its update. Reported nearly two weeks ago, the flaw enables hackers to remotely crash Windows systems through the small and medium-sized business file-sharing protocol. Many companies disable the feature to prevent exactly this kind of remote exploitation, but it would normally still a big enough security hole to warrant a prompt fix from the software giant.
Now, however, users will have to wait until March 14 for the patch. The delay marks a symbolic setback at a time when Microsoft is working to dramatically bolster the security of its products. Most recently, the company introduced a tool called Secure Score for Office 365 that is designed to help organizations assess how well their documents are protected and identify areas for improvement.