The result has been a more orderly, predictable process that enables enterprises to plan patch deployments well in advance and avoid costly downtime during business hours. And several other vendors, including Oracle Corp. and Hewlett-Packard Co., have followed suit by launching scheduled patch releases of their own.

But some administrators and security experts say that for all its benefits, the predictable release schedule also has its downsides, and can leave enterprises hanging when a new flaw is discovered between patch releases, which has led to a rise in third-party security fixes.

Redmond, Wash.-based Microsoft has released what have been called "out of cycle" patches a few times since it began the monthly schedule, but typically only after pressure from customers and media reports. Those rare instances have mainly come after exploit code for a new flaw has been made available, in effect forcing Microsoft's hand.

"The MSRC will always consider releasing an out-of-cycle update if we have a quality update available and customers are at serious risk, as we have done on several occasions such as the WMF attack," said Christopher Budd, security program manager at the Microsoft Security Response Center. Continue At Source

Send via e-mail | Submit to Digg | Add to Live Favorites