Hello, welcome to the Wednesday, February 15th, 2017 edition of the Sandinand Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from San Francisco, California.

Microsoft had an interesting surprise for us today.

It was supposed to be patched Tuesday, but essentially with an hour or two to go until we expected Microsoft to release

this month's patches they cancelled patch Tuesday.

Now they stated that they discovered some issue with this month's patches and that's

why they are delaying them.

There is no new date at which we should expect these updates could be as late as March. In the past, Microsoft occasionally has not released individual patches that turned out to cause

some odd side effects in the last minute, but they never really

cancel an entire patch Tuesday. This could be a little bit of the way they're planning to do

things going forward, where they are releasing these large monolithic monthly patches.

And of course, if one of the issues they're fixing within one of these large patches does cause problems,

they may not be able to remove that patch quickly enough.

And as a result, have then liked today to cancel the entire patch Tuesday.

Adobe, on the other hand, did release an update for

Flash. Of course, the interesting part now is that you don't necessarily have the accompanying

update for Edge and In Explorer 11 from Microsoft. And to make up for the missing Microsoft patch Tuesday, we do have an update from IBM for

WebSphere.

It does fix a cross-site scripting vulnerability that can be used to leak credentials from

trusted sessions.

And you should not delay patching this one while it's

only a cross-site scripting vulnerability. Remember, cross-site scripting vulnerabilities are often

...