Wondering why you didn’t receive any security patch love for your Windows PC earlier this past Tuesday? Microsoft has announced that this month’s updates won’t arrive until next month’s planned Patch Tuesday on March 14th.
In its statement on TechNet blog, Microsoft says the delay is due to “a last minute issue” but the company is being quiet on what the issue is. Although, Mary Jo Foley from ZDNet did report that Microsoft was having problems with its patch build system. However, in a later update, Microsoft had no further comment other than what it posted on its blog post.
UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017.
Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.
After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.
This is a rare decision from Microsoft and it leaves organizations without a patch for a memory corruption bug in handling SMB traffic which could allow a remote DoS attack. The current workaround for this is for IT professionals to block SMB connections via the firewall.
While the SMB exploit is aimed more at IT professionals than home users, this does leave Microsoft Edge exposed to new vulnerabilities in Adobe Flash Player. Supported browsers like Chrome or Firefox that have their own auto-updating mechanisms should already be patched. But Microsoft Edge only gets updated by its normally regular Patch Tuesday.
As a side note, to verify you have the latest patched version Adobe Flash Player, in the Chrome address bar type: chrome://components and verify you have version 220.127.116.11 – if the version is lower, click the button to check for update.
If things change or as more information comes in we’ll keep you updated.