Microsoft Tuesday published 26 security bulletins related to vulnerabilities in its Windows and Office products, but had network problems that kept it from making the software patches available via Microsoft Update, Automatic Updates, Windows Server Update Services and Windows Update v6.
According to the Microsoft Web site, the Patch Tuesday delay was due to "networking for these systems: there are no issues with the security updates themselves," a situation confirmed by a Microsoft spokesperson. "Due to technical difficulties experienced on the Microsoft Update platform," there was a failure to deliver the patches via the impacted services, the Microsoft spokesman stated. "Technical teams are engaged and have been working around the clock to resolve the problem and we anticipate that updates will be made available via the Microsoft Update platform by the end of the day October 10th."
The network problems that lasted throughout the course of the day are said to impact some but not other services. For instance, the network problems didn't impact delivery of the October software patches via Windows Update v4 or Office Update or Software Update Services. But it did impact Microsoft's most advanced and newest technologies, WSUS and Windows Update v.6, security specialists pointed out.
Microsoft's hobbled security patch update process is "highly unusual," said Jonathan Bitle, manager of technical accounts at Qualys. A managed security services provider. "We've never seen this happen before."
At Shavlik, which provides software patching products, Eric Schultze, chief security architect, said the impact on corporations dependent on WSUS and Windows Update v6 would result in the inability to automatically download these software patches and distribute them to affected computers.
"They could manually download and distribute the patches for the security bulletins, but this would be difficult for any organization with any significant number of computers," commented Schultze. Corporations with third-party software patching products, such as Shavlik's weren't impacted, since Shavlik obtains software updates manually before making them available to customers.