Patch Tuesday

UPDATE: Microsoft said February's security updates will be delivered next month, together with the March security updates, on March 14. Original story below.

In a short announcement posted on its blog today, Microsoft said it was delaying today's Patch Tuesday security updates indefinitely, until its engineers address a last-minute issue that the company expected would cause problems for customers if deployed today.

Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.

Contacted by Bleeping Computer, Microsoft declined to comment on the "last minute issue," but there are certain theories going around.

Is it because of the SMB zero-day?

One of them relates to Microsoft not yet having fixed the zero-day discovered by Laurent Gaffié, which the researcher made public two weeks ago.

The zero-day affected the SMBv3 protocol, included with several Windows OS versions, such as Windows 10, 8.1, Server 2012, and Server 2016. Attackers could leverage this issue to crash Windows computers, or even execute malicious code on affected machines.

Gaffié discovered this issue last fall, but Microsoft delayed the patch for several months, which drove the researcher to publish details about the zero-day and force the OS maker to address the problem whether it wanted to or not.

... or is it because of the new Security Updates Guide database?

Another theory, proposed by ICS SANS researcher Johannes B. Ullrich, is that Microsoft is having technical issues migrating to a new security updates model, which was set to start this month.

Back in November 2016, Microsoft announced it would stop publishing security bulletins in January 2017, and starting this month, would publish all security updates in a searchable database. This new portal is called Security Updates Guide, and is already live.

Additionally, Microsoft separated Windows security patches from IE and Office updates, complicating this month's Patch Tuesday rollout even more.
