Why Microsoft pulled the BEAST exploit patch at the last minute

Earlier today we brought you the news that Microsoft released but thirteen of the fourteen security bulletins that it had announced the week prior as part of this month’s Patch Tuesday. We mentioned in our coverage that the final bulletin had been pulled due to compatibility issues. We now have the relevant details.

The bulletin was to deal with the BEAST, or the Browser Exploit Against SSL/TLS, security flaw. Microsoft explained as follows: “[the] bulletin scheduled to address Security Advisory 2588513 was postponed due to a third-party application compatibility issue that will be addressed by the vendor, with whom we’re working directly.”

According to Computerworld, the vendor in question was SAP, a technology behemoth; its say goes for quite a lot in Redmond, obviously. According to that report, Microsoft stated that it would rather wait to fix the issue than to “ship something that might inconvenience customers.” Or, in human, the company didn’t want to break software around the world, and is thus holding off on the patch until it doesn’t cause unintentional havoc.

While BEAST is not solved for now, Microsoft did release a patch to combat the Duqu infection, something that has been in the news, especially with regard to Iran’s nuclear program. However, according to Qualys, what the company released today stands little chance of effectively solving Duqu, and a replacement exploit will likely be coded in short order.

You can read all our Patch Tuesday coverage here. This concludes our patch coverage of 2011. Mazel tov!