Microsoft pushes February updates to March

In an unprecedented move, Microsoft has decided to delay all February updates until next Patch Tuesday, which is March 14. It’s still not clear exactly why this is happening, but Microsoft is working on structural changes to the Windows Update system, so presumably something went horribly wrong in testing.

This is bad news for anyone who runs a server that’s vulnerable to a recently-discovered SMB flaw that was expected to be fixed with Tuesday’s updates.

Update 2017Feb23: Meanwhile, Google’s Project Zero went ahead and published the details of another vulnerability (in the GDI graphics library) that was supposed to be fixed this month. This was done in keeping with GPZ’s own policy, but as usual Microsoft isn’t happy about it.

Update 2017Feb28: Yet another vulnerability that was expected to be fixed in the February updates from Microsoft was just revealed by GPZ. This one affects Internet Explorer and Edge, and it’s ranked highly severe.