Microsoft does not plan to release any security bulletins or patches this month despite claims from IT security companies that flaws require fixing.
Last month Microsoft issued 12 security bulletins covering 17 security flaws.
Every second Tuesday in each month Microsoft's Security Response Center releases a security bulletin pointing out vulnerability problems in their software -- ranging from text editors to enterprise servers -- and supplies patches to handle them.
Microsoft customers are informed three business days ahead of time on the rollouts and Friday were informed that the center "is planning to release no new security bulletins" Tuesday. This would be the second time Microsoft has chosen not to issue a security bulletin for a month. The last time was December 2003.
Even though Microsoft is not planning to issue any bulletin or patch, the security center will carry out its monthly technical webcast on Wednesday. "Final word will come down on Tuesday," a spokesperson said about the possibility for a change of plans.
According to the Denmark-based, IT security company Secunia, security managers should not use the absence of security patches from Microsoft as a reason to relax. Secunia has issued advisories of 30 unpatched or only partial fixed security holes on MS Internet Explorer 6 alone.
Craig Janssen, a network administrator at Johnson Controls in Melbourne, Florida, welcomes the breather next week. "It's never nice to drop what you are doing to ensure that your environment is patched," he commented in an e-mail. Janssen considers the monthly routine a necessary evil. "Hopefully, Microsoft and other vendors will continue to improve their code and have fewer exploits. Until then, we will keep trying to keep computers patched up!"
(Paul Roberts in Boston contributed to this report.)