Microsoft: No security patches this month

A advance notice from Redmond says there are no security updates on tap for Tuesday, March 13, the day set aside for software fixes.

Microsoft said it is investigating "potential and existing vulnerabilities" but, because of its rigid patch testing routines, none of the updates are ready for this month's release cycle.

"Creating security updates that effectively and comprehensively fix vulnerabilities is an extensive process involving a series of sequential steps. All updates need to meet testing standards in order to be released. This ensures that our customers can confidently install these updates in their environment," a company spokesman said.

"There are many factors that impact the length of time between the discovery of a vulnerability and the release of a security update, and every vulnerability presents its own unique challenges," he added.

The last time Microsoft did not offer security updates as part of its monthly update cycle was September 2005.

Last month, Microsoft shipped a total of 12 bulletins with patches for at least 20 vulnerabilities in a wide range of software products.

There are several known vulnerabilities affecting Microsoft customers that remain unpatched, including a critical Microsoft Word vulnerability that surfaced one day after the January release of patches. The MS Word flaw was found during an in-the-wild zero day attack.

According to eEye's Zero Day Tracker, there are five well-known bugs in Microsoft products that are without fixes. FrSIRT has a more comprehensive unpatched list that includes two remote code execution flaws affecting Microsoft Office.