It's the first time the company hasn't gone through with its monthly Patch Tuesday release since September 2005. The security update was scheduled to be released Tuesday, March 13.
"There are many factors that impact the length of time between the discovery of a vulnerability and the release of a security update, and every vulnerability presents its own unique challenges," said a Microsoft spokesman in an e-mailed response to InformationWeek. "Microsoft continues to investigate potential and existing vulnerabilities in an effort to help protect our customers. Creating security updates that effectively and comprehensively fix vulnerabilities is an extensive process involving a series of sequential steps. All updates need to meet testing standards in order to be released. This ensures that our customers can confidently install these updates in their environment."
Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center, says he's surprised that Microsoft won't release any patches this month since there are nine known vulnerabilities affecting Microsoft Office and Explorer.
"It's kind of funny with all the outstanding bugs today, and they have nothing to offer," he says. "I would expect some help to come."