Patch Tuesday

After Microsoft said on Tuesday that it was postponing its February Patch Tuesday indefinitely, the company issued a new statement today, announcing that February's patches will arrive on March 14, next month.

"We will deliver updates as part of the planned March Update Tuesday, March 14, 2017," Microsoft said in an update to its original blog post.

This announcement effectively rolls up February's security updates into next month's Patch Tuesday

The Redmond-based company has never explained why it postponed February's updates in the first place.

Microsoft only said it "discovered a last minute issue that could impact some customers," so it delayed February's Patch Tuesday because the issue "was not resolved in time for [their] planned updates."

Microsoft's overhaul of its security updates system

Many have speculated that at fault for this "last minute issue" was Microsoft's overhaul of the patch delivery system.

February is the month when Microsoft announced it would start publishing all security updates in a searchable database, instead of security bulletins.

Additionally, February was when Microsoft was set to deliver Internet Explorer security updates separately from Windows patches.

The delay of the February monthly patches means organizations will remain vulnerable to a zero-day in the SMBv3 protocol made public at the start of the month.

Microsoft had already pushed back fixing the flaw for a few months, which was the main reason why the security researcher decided to go public with the zero-day.

Proof-of-concept exploit code is publicly available, but no attacks have been reported as of yet. Nevertheless, companies won't feel at ease when they know they have computers exposed to attacks. CERT recommends blocking outbound SMB connections as a workaround to mitigate attacks.