Last month, Microsoft took the unprecedented step of canceling Patch Tuesday, the company's monthly release of security fixes for its large stable of software products. The move meant that customers had to wait 28 days to receive updates that fixed vulnerabilities that allowed hackers to completely hijack computers and networks.
The last-minute move was all the more unusual because Microsoft made it a few days after exploit code for a Windows 10 flaw was released into the wild. In the nine days that followed the cancellation, technical details for two more serious vulnerabilities—one in Windows and the other in the Edge and Internet Explorer browsers—were also disclosed. Microsoft's security team almost certainly knew the latter two flaws would become public knowledge because Google's Project Zero privately reported the vulnerabilities to Microsoft and the bugs were subject to Google's long-standing 90-day disclosure deadline.