As promised, Microsoft did not unveil any security fixes Tuesday. But it did push out several other patches it deemed "high priority," including two for Windows Vista.
The last time Microsoft went a month without releasing security fixes was September 2005.
Among the four updates Microsoft pegged as "non-security, high-priority" today were the usual monthly revamp of the Microsoft Malicious Software Removal Tool and new signatures for the Outlook 2003 and Outlook 2007 anti-spam filters.
One Vista-specific update was also on the list, as was another that affected both XP and Vista.
The first, dubbed "March 2007 Windows Vista Application Compatibility Update," added compatibility "shims" – code that makes an application think it's actually running on a pre-Vista PC – for older Windows titles, including Trend Micro's Internet Security, Windows Server 2003 (SP1) Administration Tools Pack and RealNetworks' RealPlayer 6.0.12.
The second was another revision to the Windows Media Format 11 SDK (software developer's kit) code. In the associated support document, Microsoft said that the update corrected a problem that some portable music players had in synchronizing data with subscription services.
The rare no-patch Tuesday caught some security analysts and professionals trying to figure out how to spend their free time. "Relax, take a breath," suggested Minoo Hamilton, senior security researcher with patch management vendor nCircle Network Security.
"The pressure's on Microsoft to put out solid patches," said Hamilton when asked why he thought Microsoft skipped March's regularly scheduled patch day.
Microsoft's official explanation was along that line. "Microsoft continues to investigate potential and existing vulnerabilities," a representative wrote in an email last week when the company announced it would do without updates. "All updates need to meet testing standards in order to be released."
"This could be what they're dealing with, or the patches are just more complicated than usual," said Hamilton. The former, however, was his bet. "Obviously, they take patch quality very seriously now. Maybe they just feel that the bar is so much higher"
The updates were made available via the consumer-oriented Microsoft Update and Windows Update services, and the enterprise-oriented Software Update Services (SUS) and Windows Server Update Services (WSUS).