Mystery patch blots Microsoft's fix-free month

The software giant scrambles to find out why a fix for FrontPage is making the rounds, when it had decided not to issue any patches in December.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
Microsoft apparently doesn't know when it plans to patch.

The company scrambled on Wednesday morning to figure out why a patch had been issued through its Windows Update service, when the software maker had declared on Tuesday that it would not issue any fixes in December.

Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

The patch, for a flaw announced during its monthly fix bulletin in November, updates FrontPage extensions. It plugs a security hole that could allow malicious code to be run on a person's PC.

On Wednesday morning, Microsoft discovered that a glitch in the patching process resulted in a November fix not being applied to some Windows XP computers. The same patch was sent out again via the Windows update service on Tuesday night. The company is still investigating why and how the patch was reissued.

The original flaw occurs in Microsoft's FrontPage extensions and affects Windows 2000, Windows XP and Office XP. The security hole was rated as critical for all systems, except for original Windows XP installations that hadn't been upgraded with FrontPage Extensions 2002.

Microsoft has previously said that it would attempt to make its patching process more intuitive and easy to use. It moved to a fixed schedule of monthly patches to make the process more predictable for network and system administrators.