In the past four years, Microsoft Corp. has issued at least one security bulletin—and often as many as a half dozen—every month. But not this month. For the first time in living memory, or at least as far back as Microsofts Web site records go, the company does not plan to issue any scheduled security bulletins this month.
This doesnt necessarily mean that there wont be any bulletins all month; if a critical issue arises, Microsoft will release a patch and bulletin as soon as possible, a company spokesman said. But the company in September went to a schedule in which it releases all of its bulletins on the second Tuesday of each month, so the next scheduled release will be in January.
The fact that the company is not releasing a scheduled bulletin this month also is not necessarily an indicator that there are no pending vulnerabilities to be resolved. The investigation, testing and patch-building process can take several weeks, so there may well be some issues in the Microsoft Security Response Centers hopper that just arent ready for release yet.
Microsoft, based in Redmond, Wash., has released 287 bulletins since December 1999, going back to the days when Windows NT 4.0 and Windows 98 were the latest operating systems. Now both of those systems are nearing retirement, and Microsoft has revamped its bulletin process several times in the intervening years.
The company moved to weekly bulletins some time ago and then in October of this year decided to shift to a monthly release schedule to help administrators plan their patch deployments.