Microsoft: mês sem patches

Microsoft: No security patches this month

"Microsoft’s Patch Tuesday train will be empty this month.

A advance notice from Redmond says there are no security updates on tap for Tuesday, March 13, the day set aside for software fixes.

Microsoft said it is investigating “potential and existing vulnerabilities” but, because of its rigid patch testing routines, none of the updates are ready for this month’s release cycle.

...

The last time Microsoft did not offer security updates as part of its monthly update cycle was September 2005.

Last month, Microsoft shipped a total of 12 bulletins with patches for at least 20 vulnerabilities in a wide range of software products.

There are several known vulnerabilities affecting Microsoft customers that remain unpatched, including a critical Microsoft Word vulnerability that surfaced one day after the January release of patches. The MS Word flaw was found during an in-the-wild zero day attack.

According to eEye’s Zero Day Tracker, there are five well-known bugs in Microsoft products that are without fixes. FrSIRT has a more comprehensive unpatched list that includes two remote code execution flaws affecting Microsoft Office."

Do blog Zero Day