Users of Microsoft Corp.’s Software Update Services (SUS) will have towait a little longer to obtain Microsoft’s latest security patch, thesoftware vendor said Wednesday. Microsoft issued a patch fixing threecritical graphics bugs in the Windows operating system Tuesday, but thecompany has been unable to deliver the software to users of its SUScorporate update service, Microsoft said Wednesday.Microsoft Program Manager Bobbie Harder acknowledged the problemTuesday in a post to an SUS discussion forum written shortly afterMicrosoft issued theNovember security patch. Harder said that the SUS update would beavailable by approximately 5 p.m. Pacific Time Tuesday.But by Wednesday, the software was still unavailable. “We’ve run acrossan issue affecting SUS 1.0 that we’re investigating whereby the updatecan’t be deployed.,” Microsoft said in a posting to its SecurityResponse Center Web log. (https://blogs.technet.com/msrc/) “We hope to have a resolution soon on it,” the post added.Microsoft’s other patch deployment tools, including Windows ServerUpdate Services (WSUS) are unaffected by the delay, Microsoft said. SUS is a service designed to deliver patches for Microsoft products. Itis similar to the widely used Microsoft Windows Update, but is designedfor use within a corporate firewall. Microsoft plans to discontinue theservice in December 2006, and is actively encouraging SUS users toswitch to the newer WSUS.Microsoft’s November security patch fixes a number of problems in theway most versions of Windows render Metafile images. The problems couldtheoretically be exploited to allow a user to shut down or even gaincontrol of an unpatched system by tricking a user into viewing amaliciously formatted Metafile image. Windows Metafile is a graphics format used by some CAD (computer-aideddesign) applications. Files that use this format have either a .wfm or.emf extension.Microsoft executives declined to comment on the SUS delay or to say when the updates were expected to begin working.The unexplained delay did not sit well with some Microsoft customers.”Maybe Microsoft is gently encouraging us to upgrade to WSUS by makingour systems vulnerable longer if we use SUS,” one user wrote in an SUSdiscussion forum Wednesday.By Robert McMillan – IDG News Service (San Francisco Bureau) Related content news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Government Government news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security news Immersive Labs adds custom 'workforce exercising' for each organizational role With the new workforce exercising capability, CISOs will be able to see each role’s cybersecurity readiness, risk areas, and exercise progress. By Shweta Sharma Sep 27, 2023 3 mins Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe