Microsoft has an early holiday gift for systems administrators: no monthly security patch release in December.“It is a happy coincidence, but it is not related to Christmas,” said Iain Mulholland, security program manager at Microsoft. “We have made a commitment to release (the monthly patch package) when we’re ready, when we have quality patches. There is simply nothing that has passed the bar yet from a quality perspective for release in December.”In October, Microsoft moved to a monthly cycle for security patches, replacing a system of weekly updates that the company said had become too burdensome and complex for customers. The monthly updates also allow Microsoft to reduce the number of patches by folding multiple vulnerabilities affecting a single platform into one patch.System administrators can expect a security update from Microsoft on Jan. 13, the second Tuesday of January, Mulholland said. However, that doesn’t mean patch managers can sign off and hit the shopping mall or relax at home. If there is an immediate risk to customers, Microsoft will break its monthly cycle and issue an emergency patch. “We will break cycle if there is a real, immediate threat,” Mulholland said.Skipping a month does not mean all systems are secure. There are security vulnerabilities that Microsoft is working to patch, which means systems are at risk. For example, Microsoft is still investigating several flaws in Internet Explorer that were detailed last month by security company Secunia. However, hackers don’t seem to be exploiting any of those vulnerabilities right now, said Russ Cooper, Surgeon General of TruSecure and moderator of the NTBugtraq security mailing list.“Christmas or not, we all monitor constantly and keep our ears to the ground. Should we see some activity over the next few weeks targeting a specific vulnerability and that needs to shake Microsoft up a bit, I am sure they would be responsive,” he said.Jupiter Research senior analyst Joe Wilcox agreed that system administrators need to remain on guard.“For many security managers, no new patches to test and deploy will be like getting an early Christmas present. Ho, ho, ho, Santa’s here,” Wilcox said. “But that’s no guarantee they won’t later find coal in their stockings. Microsoft still has to get through December without some unexpected vulnerability necessitating an unscheduled patch.” Related content news analysis Cisco, AWS further integrate cloud management capabilities Cisco and AWS marry Cisco ThousandEyes and AWS’ CloudWatch Internet Monitor, bolster Cisco Cloud Observability features By Michael Cooney Nov 28, 2023 4 mins Cloud Computing opinion Is anything useful happening in network management? Enterprises see the potential for AI to benefit network management, but progress so far is limited by AI’s ability to work with company-specific network data and the range of devices that AI can see. By Tom Nolle Nov 28, 2023 7 mins Generative AI Network Management Software brandpost Sponsored by HPE Aruba Networking SASE, security, and the future of enterprise networks By Adam Foss, VicePresident Pre-sales Consulting, HPE Aruba Networking Nov 28, 2023 4 mins SASE news AWS launches Cost Optimization Hub to help curb cloud expenses At its ongoing re:Invent 2023 conference, the cloud service provider introduced several new and free updates that are expected to help enterprises optimize their AWS costs. By Anirban Ghoshal Nov 28, 2023 3 mins Amazon re:Invent Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe