Mystery patch blots Microsoft's fix-free month

Microsoft apparently doesn't know when it plans to patch.

The company scrambled on Wednesday morning to figure out why a patch had been issued through its Windows Update service, when the software maker had declared on Tuesday that it would not issue any fixes in December.

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

The patch, for a flaw announced during its monthly fix bulletin in November, updates FrontPage extensions. It plugs a security hole that could allow malicious code to be run on a person's PC.

On Wednesday morning, Microsoft discovered that a glitch in the patching process resulted in a November fix not being applied to some Windows XP computers. The same patch was sent out again via the Windows update service on Tuesday night. The company is still investigating why and how the patch was reissued.

The original flaw occurs in Microsoft's FrontPage extensions and affects Windows 2000, Windows XP and Office XP. The security hole was rated as critical for all systems, except for original Windows XP installations that hadn't been upgraded with FrontPage Extensions 2002.

Microsoft has previously said that it would attempt to make its patching process more intuitive and easy to use. It moved to a fixed schedule of monthly patches to make the process more predictable for network and system administrators.