In this article we will be looking at Patch Tuesday—what it is, when it is, and what you can do to make the most of it. Patch Tuesday is an important date in the calendar of any system administrator, especially those within larger organisations!
What is Patch Tuesday?
Patch Tuesday is a commonly-used name for the day that software companies typically release regular patches for their products. Patches are updates to software intended to fix issues, strengthen security, or increase compatibility with other software or systems. Patch Tuesday is not an official event, but has become an industry standard that companies such as Microsoft, Oracle, Adobe, and others follow. It is also often referred to as Update Tuesday.
Patch Tuesday was first introduced by tech giant Microsoft in October 2003. Ever since the release of the Windows 98 operating system in (you guessed it!) 1998, the Windows Update program has been a standard feature of any Microsoft operating system. Early versions of Windows Update would automatically check for patches to all components of the Operating System. These patches were released intermittently by Microsoft.
Not only did releasing and distributing these patches sporadically cost Microsoft a lot of money, but also customers with more than one copy of the Windows OS had to manually update each deployment separately—you can imagine how time-consuming this was for companies with many Windows machines!
Patch management is extremely important for the optimal running and security of systems, but can be difficult and time-consuming, and was even more so in the early days. Microsoft introduced Patch Tuesday in 2003 to save distribution costs as well as to simplify patch management for their own engineers and for consumers by bundling multiple patches together at regular times.
When is Patch Tuesday?
Patch Tuesday takes place on the second Tuesday of every month at 10pm PST/PDT (in the UK, that’s 6am GMT/BST on the Wednesday).
The reason that Tuesday was chosen for this is so that system administrators and users have plenty of time available before the weekend to fix any potential issues caused by the new software patches. Monday is also left free so that any unexpected problems that may have happened over the weekend can be addressed.
Any potential bugs caused by patches are usually addressed with hotfixes. Hotfixes are smaller updates that can be carried out immediately to a live system without downtime, often known as QFE (Quick-Fix Engineering) updates.
Although the bulk of updates are released on Patch Tuesday, smaller updates are often released at other times, especially if they are urgent. For example, Windows Defender and Microsoft Security Essentials usually receive daily updates to their malware databases.
Occasionally, a second Patch Tuesday takes place halfway between two monthly Patch Tuesdays, two weeks from each.
Why should you update your devices on Patch Tuesday?
Updating your systems is an essential factor in system administration, whatever the size and complexity of your network. Even smaller organisations are recommended to apply patches on Patch Tuesday, for several reasons:
1. Maintaining your security
Strong security is vital for all organisations, particularly those using systems that store or have access to sensitive data such as personal information. Hackers can often exploit out-of-date systems—in fact, the day after Patch Tuesday is often known as Exploit Wednesday, as hackers use this opportunity to attack machines that haven’t updated the previous day’s patches! Even if you use strong authentication methods such as Multi-Factor Authentication if your system is not kept up to date you can still be vulnerable to hacking.
2. Fixing bugs
If you want to carry out effective and efficient operational procedures, you need to make sure that your operating system is running smoothly. Patches can fix potential bugs as well as generally increasing the efficiency of operating systems and the software that they use.
3. You don’t want your systems to become obsolete
Operating systems that are not updated are likely to become obsolete. This won’t happen instantly by missing one or two Patch Tuesdays, but you may find yourself unable to use certain pieces of software if your system isn’t up to date!
4. The user experience can be improved
The smoother the user experience of your systems is, the more effectively users can carry out the operations that they need to. This can increase the efficiency of your organisation as a whole.
5. Patches can add useful new features
It is not just fixes to bugs or potential security weaknesses that patches can provide—in some cases, handy new features are added to operating systems and software for free!
What should you consider before updating?
Although carrying out updates on Patch Tuesday is highly recommended, there are a few risk factors to be aware of when doing so.
There are always risk factors to consider when rolling out all relevant endpoints to the latest Windows version. Some patches can include bugs, which could potentially break or impact live environments!. But fear not—this can be addressed by testing out the update on one development machine first, then rolling out to every other Windows machine if that update goes well and all functionality remains the same. Remember, updating all your machines comes with great responsibility!
New patch bundles can sometimes contain vulnerabilities that you may not be aware of. It’s always important to review each update, along with the relevant risk. For example, if a critical security patch is needed for a fundamental part of your infrastructure, definitely prioritise this update!
How do you make sure Windows OS is updated on your device?
You can check your Windows OS is up to date and on the latest patch by doing the following:
Step 1: Within the Windows taskbar, search for "Settings" and select the following icon:
Step 2: Once you are on the settings, select "Update and Security".
Step 3: Click “Check for updates”, and the button will change for the relevant option. If your machine is updated, this will tell you so. If your system is not up to date, it will search for newer updates and install or download them as necessary.
What are the updates in the latest patch?
Each patch bundle comes with a variety of new updates to different components of your operating system and software applications. These updates may be bug fixes, security reinforcements, increases in compatibility between different programs, new features, or any combination of these.
The specifics of each patch bundle will vary—you can find out the details of the latest patch by visiting Microsoft's website: https://msrc.microsoft.com/update-guide/