Patch Tuesday: 5 reasons why you should participate

Introduction

In this article we will be looking at Patch Tuesday—what it is, when it is, and what you can do to make the most of it. Patch Tuesday is an important date in the calendar of any system administrator, especially those within larger organisations!

Maintaing laptop security by updating software via cloud

What is Patch Tuesday?

Patch Tuesday is a commonly-used name for the day that software companies typically release regular patches for their products. Patches are updates to software intended to fix issues, strengthen security, or increase compatibility with other software or systems. Patch Tuesday is not an official event, but has become an industry standard that companies such as Microsoft, Oracle, Adobe, and others follow. It is also often referred to as Update Tuesday.

Patch Tuesday was first introduced by tech giant Microsoft in October 2003. Ever since the release of the Windows 98 operating system in (you guessed it!) 1998, the Windows Update program has been a standard feature of any Microsoft operating system. Early versions of Windows Update would automatically check for patches to all components of the Operating System. These patches were released intermittently by Microsoft.

Not only did releasing and distributing these patches sporadically cost Microsoft a lot of money, but also customers with more than one copy of the Windows OS had to manually update each deployment separately—you can imagine how time-consuming this was for companies with many Windows machines!

Patch management is extremely important for the optimal running and security of systems, but can be difficult and time-consuming, and was even more so in the early days. Microsoft introduced Patch Tuesday in 2003 to save distribution costs as well as to simplify patch management for their own engineers and for consumers by bundling multiple patches together at regular times.

When is Patch Tuesday?

Patch Tuesday takes place on the second Tuesday of every month at 10pm PST/PDT (in the UK, that’s 6am GMT/BST on the Wednesday).

The reason that Tuesday was chosen for this is so that system administrators and users have plenty of time available before the weekend to fix any potential issues caused by the new software patches. Monday is also left free so that any unexpected problems that may have happened over the weekend can be addressed.

Any potential bugs caused by patches are usually addressed with hotfixes. Hotfixes are smaller updates that can be carried out immediately to a live system without downtime, often known as QFE (Quick-Fix Engineering) updates.

Although the bulk of updates are released on Patch Tuesday, smaller updates are often released at other times, especially if they are urgent. For example, Windows Defender and Microsoft Security Essentials usually receive daily updates to their malware databases.

Occasionally, a second Patch Tuesday takes place halfway between two monthly Patch Tuesdays, two weeks from each.

cogs people working together to maintain and update system of cogs

Why should you update your devices on Patch Tuesday?

Updating your systems is an essential factor in system administration, whatever the size and complexity of your network. Even smaller organisations are recommended to apply patches on Patch Tuesday, for several reasons:

1. Maintaining your security

Strong security is vital for all organisations, particularly those using systems that store or have access to sensitive data such as personal information. Hackers can often exploit out-of-date systems—in fact, the day after Patch Tuesday is often known as Exploit Wednesday, as hackers use this opportunity to attack machines that haven’t updated the previous day’s patches! Even if you use strong authentication methods such as Multi-Factor Authentication if your system is not kept up to date you can still be vulnerable to hacking.

2. Fixing bugs

If you want to carry out effective and efficient operational procedures, you need to make sure that your operating system is running smoothly. Patches can fix potential bugs as well as generally increasing the efficiency of operating systems and the software that they use.

3. You don’t want your systems to become obsolete

Operating systems that are not updated are likely to become obsolete. This won’t happen instantly by missing one or two Patch Tuesdays, but you may find yourself unable to use certain pieces of software if your system isn’t up to date!

4. The user experience can be improved

The smoother the user experience of your systems is, the more effectively users can carry out the operations that they need to. This can increase the efficiency of your organisation as a whole.

5. Patches can add useful new features

It is not just fixes to bugs or potential security weaknesses that patches can provide—in some cases, handy new features are added to operating systems and software for free!

What should you consider before updating?

Although carrying out updates on Patch Tuesday is highly recommended, there are a few risk factors to be aware of when doing so.

There are always risk factors to consider when rolling out all relevant endpoints to the latest Windows version. Some patches can include bugs, which could potentially break or impact live environments!. But fear not—this can be addressed by testing out the update on one development machine first, then rolling out to every other Windows machine if that update goes well and all functionality remains the same. Remember, updating all your machines comes with great responsibility!

New patch bundles can sometimes contain vulnerabilities that you may not be aware of. It’s always important to review each update, along with the relevant risk. For example, if a critical security patch is needed for a fundamental part of your infrastructure, definitely prioritise this update!

Maintaing mobile phone security by updating software via cloud

How do you make sure Windows OS is updated on your device?

You can check your Windows OS is up to date and on the latest patch by doing the following:

Step 1: Within the Windows taskbar, search for "Settings" and select the following icon:

Step 2: Once you are on the settings, select "Update and Security".

Step 3: Click “Check for updates”, and the button will change for the relevant option. If your machine is updated, this will tell you so. If your system is not up to date, it will search for newer updates and install or download them as necessary.

What are the updates in the latest patch?

Each patch bundle comes with a variety of new updates to different components of your operating system and software applications. These updates may be bug fixes, security reinforcements, increases in compatibility between different programs, new features, or any combination of these.

The specifics of each patch bundle will vary—you can find out the details of the latest patch by visiting Microsoft's website: https://msrc.microsoft.com/update-guide/

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
tve_leads_unique	1 month	This cookie is set by the provider Thrive Themes. This cookie is used to know which optin form the visitor has filled out when subscribing a newsletter.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
c3po.jpg	Session	This pixel tracker, set by metricool.com, collects data on the user’s navigation and behaviour on the website. This is used to compile statistical reports and heatmaps for the website owner.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook as part of their embedded services on our websites (likes, sharing etc.).
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
ClientId	1 year	No description available.
li_gc	2 years	No description
OIDC	6 months	No description available.
OutlookSession	session	No description available.
tl_1206_1206_4	1 month	No description
tl_544_544_1	1 month	No description