Microsoft does not plan to release any security bulletins or patches this month despite claims from IT security companies that there are flaws requiring fixes.
Last month Microsoft issued 13 security bulletins covering 17 security flaws.
Every second Tuesday of each month, Microsoft's Security Response Center releases a security bulletin pointing out vulnerability problems in the company's software--ranging from text editors to enterprise servers--and supplies patches to handle them.
Microsoft customers are informed three business days ahead of time on the rollouts, and Friday were informed that the center "is planning to release no new security bulletins" Tuesday. This would be the second time Microsoft has chosen not to issue a security bulletin for a month. The last time was December 2003.
Even though Microsoft is not planning to issue any bulletin or patch, the security center will carry out its monthly technical Webcast on Wednesday. "Final word will come down on Tuesday," a spokesperson said about the possibility for a change of plans.
False Sense of Safety?
According to the Denmark-based IT security company Secunia, security managers should not use the absence of security patches from Microsoft as a reason to relax. Secunia has issued advisories on 30 unpatched or only partially fixed security holes on MS Internet Explorer 6 alone.
However, some Microsoft customers may enjoy the breather. Craig Janssen, a network administrator at Johnson Controls in Melbourne, Florida, is one. "It's never nice to drop what you are doing to ensure that your environment is patched," he commented in an e-mail.
Janssen considers the monthly routine a necessary evil. "Hopefully, Microsoft and other vendors will continue to improve their code and have fewer exploits. Until then, we will keep trying to keep computers patched up!"
Paul Roberts of IDG News Service contributed to this report.