Patch Tuesday not a good thing?
November 7, 2014 Leave a comment
Funny how things go full circle. Somewhere around 15 years ago, Microsoft decided [after enough complaining by organizations] that it was time to change the way security updates are released.
Prior to this decision, security updates were released as they became available. While you could call it a bit proactive, on the other side, your company had to figure on its own when to have a cutoff point so that the updates could be installed and yet not to interfere with the company’s day to day operations. After all, you don’t want to reboot potentially hundreds of servers every second or third day.
So Microsoft decided to release updates every second Tuesday of the month. This would give everyone a regular routine and I guess nobody wants to worry about updates on a Monday [things over the weekend have to be fixed first] or many holidays are on Mondays.
Hence, “Patch Tuesday” was born.
Of course, any out of band update could still happen, but Microsoft would decide whether or not this is critical to release or wait until the next Patch Tuesday.
Recently, I received an Email from a security organization that publishes a Email newsletter twice a week with the latest in malware issues, security breaches and all that fun stuff.
After a news story related to Microsoft security updates, one of the commentators wondered [in this day and age] why this policy is still used, calling it outdated but offered no explanation why.
I’m wondering why myself. After all, we know that updates are coming and Microsoft provides some advance notification on what to expect – barring a last minute change.
In addition, other companies such as Adobe and Oracle have followed the same strategy and releases their own updates [excluding out of band updates] on the same day, so that not only Microsoft updates can be applied but Adobe and Oracle updates can also be applied at the same time – if the company allows that.
IT professionals know that in a large company, updates may not get applied immediately to all computers [some are offline or not connected to the network for whatever reason] and of course the odd issue with some updates to try and fix.
So I can’t figure out why the commentator wasn’t so happy.