Microsoft has an early holiday gift for systems administrators: no monthly security patch release in December.
"It is a happy coincidence, but it is not related to Christmas," security program manager at Microsoft, Iain Mulholland, said. "We have made a commitment to release [the monthly patch package] when we're ready, when we have quality patches. There is simply nothing that has passed the bar yet from a quality perspective for release in December."
In October, Microsoft moved to a monthly cycle for security patches, replacing a system of weekly updates that the company said had become too burdensome and complex for customers. The monthly updates also allow Microsoft to reduce the number of patches by folding multiple vulnerabilities affecting a single platform into one patch.
System administrators culd expect a security update from Microsoft on January 13, the second Tuesday of January, Mulholland said. However, that didn't mean patch managers couldn sign off and hit the shops or relax at home.
If there is an immediate risk to customers, Microsoft will break its monthly cycle and issue an emergency patch.
"We will break cycle if there is a real, immediate threat," Mulholland said.
Skipping a month does not mean all systems are secure. There are security vulnerabilities that Microsoft is working to patch, which means systems are at risk. For example, Microsoft is still investigating several flaws in Internet Explorer that were detailed last month by security company, Secunia.
However, hackers don't seem to be exploiting any of those vulnerabilities right now, Surgeon General of TruSecure and moderator of the NTBugtraq security mailing list, Russ Cooper, said.
"Christmas or not, we all monitor constantly and keep our ears to the ground," he said. "Should we see some activity over the next few weeks targeting a specific vulnerability and that needs to shake Microsoft up a bit, I am sure they would be responsive," he said.