Patch Tuesday, designated for the second Tuesday of each month, has been around since 2003 and is usually regular like clockwork.
It was created by Microsoft as a way to have a standard delivery date/schedule for updates that were being provided for the companies software. This allowed a lot of stability for users and IT Pros so they could be prepared for the monthly distribution oof the updates.
Well this month Microsoft has hit a snag with their monthly Patch Tuesday.
Sometime early this past Tuesday morning, just hours before those patches were to be pushed out to end users, they posted a brief message on the Microsoft Security Response Center (MSRC) site stating that they would not go out on schedule.
Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.
After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.
Beyond that brief message there was no other information provided to customers about the unexpected delay.
Over at ZDNet, Mary Jo Foley reported that some of her contacts indicated that the delay may have been related to an issue with the build system that prepares the batch of updates for release.
Then, the next day, about 36 hours after Patch Tuesday should have been rolling along, we got a one line brief update on that original MSRC post notifying everyone of the delay:
UPDATE: 2/15/17: We will deliver updates as part of the planned March Update Tuesday, March 14, 2017.
That was it.
No clarity or transparency about why the updates were delayed except that they would now be rolled into next month's scheduled updates.
While delaying routine updates is not a big deal in the scheme of things, it was expected that Microsoft would be fixing a disclosed vulnerability with SMB shares that could result in a denial of service attack on an unpatched system. It is possible that Microsoft might choose to release that specific patch as an out of cycle update to get it addressed however, that will mean they first need to sort out the in-house issues that caused the delay initially.
Definitely something to keep your eye on over the next few weeks.