I have to admit that I am a bit dismayed at Microsoft on this one. A few months ago they decided to change their "hotfix" release policy to schedule patch releases for the second Tuesday of each month. So, with bated breath, the entire computing community waited for the December release date. When "Patch Tuesday" came, we continued to wait. Around the middle of the afternoon the site was updated with a curt "Microsoft has no security bulletins to release as part of the monthly release cycle for December."

Advertisement On this topic SECURITY.ITWORLD.COM security.itworld.com. Sign up Now! Relief not expected in U.S., E.U. antispam laws 2004 seen bringing more, worse cyberattacks Delayed patch ends Microsoft's patch-free month early SCO's Web site hit with DoS attack No Christmas patches from Microsoft

Now, that simple sentence leaves us wondering about a few issues. First, does this mean that no new security issues were identified during the past four weeks, or does this mean that though issues were found, Microsoft has no patches for the problems yet? As if the entire release cycle issue did not leave clients feeling vulnerable enough, the vague posted entry on the Microsoft site leaves them with more to worry about.

Next, if the simple one line posts are all the information about the status of security at Microsoft we are going to get, we must ask ourselves how comfortable the new policy makes us. Microsoft, please provide us with a little more information! Something like; "Microsoft has no new patches to release at this time. All known security issues have been addressed." Or even, "Microsoft has no new patches at this time, but we are currently investigation several issues that have been brought to our attention." At least let us know if there is something or anything going on!