Microsoft Delays February’s ‘Patch Tuesday’ Update
Microsoft this week delayed its monthly Patch Tuesday update, citing an undisclosed “issue” that cropped up at the 11th hour.
“Patch Tuesday,” so called because it falls on the second Tuesday of each month, is among the software industry’s most reliable routines for releases of software fixes.
The delay comes as administrators await a solution for a zero-day vulnerability affecting Windows’ handling of SMB traffic, the Microsoft file-sharing protocol.
“Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems,” Microsoft said in a short blog post Tuesday. “This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.”
“After considering all options, we made the decision to delay this month’s updates,” the post continued. “We apologize for any inconvenience caused by this change to the existing plan.”
Microsoft offered no further details about the “issue” that prompted the delay, nor an estimate for when the update might ultimately be released.
Update: Microsoft has updated its advisory, announcing that it has canceled its patch update for February and will next deploy fixes on Tuesday, March 14.
The postponement comes a week after the federally backed CERT cybersecurity division at Carnegie Mellon University announced the discovery of the new vulnerability in an advisory entitled “Microsoft Windows SMB Tree Connect Response denial of service vulnerability.”
“Microsoft Windows contains a memory corruption bug in the handling of SMB traffic, which may allow a remote, unauthenticated attacker to cause a denial of service on a vulnerable system,” the CERT researchers said, adding that: “By causing a Windows system to connect to a malicious SMB share, a remote attacker may be able to cause a denial of service by crashing Windows.”
The advisory adds that the exploit – the code for which is publicly available – causes Windows to improperly handle traffic from the attacking server.
“In particular, Windows fails to properly handle a specially-crafted server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure,” the statement said. “By connecting to a malicious SMB server, a vulnerable Windows client system may crash…”
“We have confirmed the crash with fully patched Windows 10 and Windows 8.1 client systems, as well as the server equivalents of these platforms, Windows Server 2016 and Windows Server 2012 R2,” the advisory continues. “Note that there are a number of techniques that can be used to trigger a Windows system to connect to an SMB share…Some may require little to no user interaction.”