Patch Tuesday Updates


What is Patch Tuesday?

Also known as “Update Tuesday”, “Patch Tuesday” is a term that refers to Microsoft’s monthly release of software fixes. These include security patches for the Windows operating system and updates to other Microsoft products. 

The Security Response Center publishes a bulletin for each vulnerability. This vulnerability is then assigned a number from the Common Vulnerabilities and Exposures (CVE) list within the Security Update Guide website. Each Service Bulletin has remediation instructions, along with a link to a detailed Knowledge Base article. 

Microsoft releases Patch Tuesday updates every month which are used to patch vulnerabilities in Windows, Office, Azure & Visual Studio. These also fix known issues in popular applications. The updates cover supported Windows systems, including Windows operating systems that have reached the end of life but have protection through Microsoft’s Extended Security Update program. 

Microsoft releases most of its security patches on Patch Tuesday. Fixes for more serious vulnerabilities, called out-of-band patches, are an exception.

When is Patch Tuesday?

Patch Tuesday is the second Tuesday of every month and occurs at 10 a.m. Pacific Standard Time (5 p.m. Coordinated Universal Time).  Monthly software updates are released on this schedule to allow administrators a day to prepare before deploying the updates. 

Until Microsoft introduced the cumulative update servicing model in 2016, administrators could choose to deploy individual patches. They could also elect to not install a security update or even roll back previous patches. 

With the launch of Windows 10, Microsoft introduced its cumulative update model. The new approach packages all updates for a month along with previous ones, meaning users can’t pick which one to download. 

Microsoft extended this Windows 10 servicing model to other supported versions of Windows OSes in late 2016. With this approach, Windows administrators can only decide the order of patch deployment, rather than select which patches to apply. If a system encounters an issue that cannot be remediated, the administrator must roll back the entire cumulative update until Microsoft issues a fix. 

Microsoft releases monthly safety and reliability updates on their Patch Tuesday. These “B releases” include all previously released patches.  

Microsoft also offers cumulative, non-security previews called “C releases”. This release is typically published in the third week of the month. Administrators can test it on Windows systems before the official release on the following Patch Tuesday. 

Other companies, such as Oracle and Adobe, have also adopted the Tuesday patch deployment schedule in a bid to reduce confusion within the industry. 

Why is Patch Tuesday Important?

Microsoft wants you to install a patch as soon as it releases new security updates. Malicious actors study the patch code to try to figure out how to create malware variants from it. 

IT professionals must practice sound patch management to ensure that the patches do not cause issues with other enterprise products or disrupt users’ activities. Best practices dictate that administrators undergo a testing phase, such as a pilot group, to check for problems before applying patches to systems in a production environment. 

How does Microsoft Distribute Patches?

Microsoft provides monthly updates to fix any issues that they find within Windows, which includes fixing security vulnerabilities and bugs, as well as adding new features. Monthly rollups combine all of these fixes into one package that’s distributed to Windows users. These include: 

  • Windows Update 
  • Windows Server Update Services 
  • System Center Configuration Manager 
  • Microsoft Update Catalog 

For a while, Microsoft also distributed security updates for third-party apps like Adobe Flash, while it was still under Adobe’s care. 

To learn more about Patch Tuesday updates, get in touch with one of our IT experts.

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp