Microsoft finally fixes 'critical' Windows security flaw after patch delay

The software giant made customers wait a month before rolling out a fix for a serious Windows security flaw with public exploit code.
Written by Zack Whittaker, Contributor

Patch Tuesday is back -- albeit after an inadvertent and undisclosed glitch led to a month-long delay in releasing security patches.

Microsoft said Tuesday that it patched dozens of vulnerabilities across 18 bulletins.

Among the patches is one "critical"-rated flaw, for which exploit code had been publicly disclosed since early February.

The vulnerability relates to a Windows SMB bug, for which proof-of-concept code was released just days prior to this month's scheduled Patch Tuesday.

The memory corruption bug could allow a remote, unauthenticated attacker to crash an affected machine, according to an advisory that Carnegie Mellon University's public vulnerability database posted in February.

Laurent Gaffié, who found the flaw last year, released the exploit code just days before Microsoft was first expected to patch the issue in February.

Although Microsoft fixed the bug, Gaffié was not credited with an acknowledgement in the bulletin.

Microsoft confirmed that all versions of Windows are affected in varying degrees by the bug.

The company also fixed eight other critical flaws, including two cumulative updates for Internet Explorer and its Edge browser. Nine other important bulletins were issued.

March's patches are available through Windows Update.

These patches can't come soon enough. Microsoft was forced to delay its Patch Tuesday schedule last month for the first time in its history, with the exception of one critical Flash bug.

Microsoft still hasn't explained why it delayed February's release of security patches. ZDNet's Mary Jo Foley reported at the time that problems with Microsoft's build system could be the cause of the delay.

When pressed, a spokesperson refused to comment on the cause of the delay and instead issued a boilerplate response.

"Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. We extensively test our updates prior to release and are confident that our systems are working as expected and the issue that delayed the February updates is resolved," said a Microsoft spokesperson.
