Microsoft has no plans to release any security patches this month, it has told an incredulous market.
Last month, Microsoft issued a bumper 12 security bulletins covering 17 security flaws. Presumably it feels it has covered all its problems for a month, but IT security companies aren't so sure, claiming that a number of flaws still require fixing.
Every second Tuesday in each month Microsoft's Security Response Center releases its security bulletin. Microsoft customers are informed three business days ahead of time but on Friday they were informed that the center "is planning to release no new security bulletins" tomorrow.
The last time Microsoft chose not to issue a security bulletin was December 2003.
Even though Microsoft is not planning to issue any bulletin or patch, the security center will carry out its monthly technical webcast on Wednesday. "Final word will come down on Tuesday," a spokesperson said about the possibility for a change of plans.
According to IT security company Secunia, security managers should not use the absence of security patches from Microsoft as a reason to relax. Secunia has issued advisories of 30 unpatched or only partial fixed security holes on Internet Explorer 6 alone.
Craig Janssen, a network administrator at Johnson Controls welcomes the breather however. "It's never nice to drop what you are doing to ensure that your environment is patched," he said. Janssen considers the monthly routine a necessary evil. "Hopefully, Microsoft and other vendors will continue to improve their code and have fewer exploits. Until then, we will keep trying to keep computers patched up!"
Paul Roberts in Boston contributed to this report.