Microsoft releases patches for known bugs in its products on the second Tuesday of each month, known as Patch Tuesday. This allows network administrators to plan ahead for updates and subscribe to advance notifications. Critics claim it can allow hackers to exploit security holes for a month and presents an opportunity for hackers to study unpatched systems. Patches are sometimes released on other days and support for Windows XP ended in 2014.
Patch Tuesday refers to the second Tuesday of each month when Microsoft releases fixes for known bugs in its operating systems and other products. Fixes are small files called patches available for free download from the Microsoft website. Patch Tuesday began in 2004 with the goal of helping network administrators more easily manage the logistics involved in scheduling multiple machine updates.
Prior to Patch Tuesday, administrative issues arose on networks where some machines had current patches and some did not. If a particular patch caused an unexpected peripheral functionality issue and required uninstalling, the issue was irregularly concussive due to lack of coordination in the update process.
Patch Tuesday allows network administrators to plan ahead for network-wide updates, anticipating and planning for deployment in a more orderly manner. As part of the monthly security cycle, administrators can subscribe to the free Microsoft Security Bulletin Advance Notification service, receiving advance notice of the number of upcoming patches, affected programs, and severity rating. The bulletin also informs the recipient of updated detection tools provided by Microsoft and critical non-security updates for Microsoft’s automated update services. The Advance Notification Bulletin is typically emailed to subscribers three business days prior to Patch Tuesday.
Critics have claimed that Patch Tuesday can allow hackers to exploit security holes for an entire month. This occurs when an exploit is made public, or a worm is released, shortly before Patch Tuesday, which prevents Microsoft from fixing the exploit in time for upcoming updates. Some hackers may even exploit exploits to get the most benefit out of the monthly release cycle.
Patch Tuesday also inadvertently presents an opportunity for another form of exploitation. More inclined hackers can download security patches on Tuesday and study them to deduce, within hours, how to exploit unpatched systems. This gave rise to the term “Exploit Wednesday” for the day immediately following Patch Tuesday.
Another criticism of Patch Tuesday is that millions of Internet-connected computers could reboot in a relatively short period of time. Presumably, this can interfere with the handling of some Internet activities. According to an August 2007 article in The Register, Skype blamed a two-day outage of its VoIP services on too many computers trying to reconnect to the network following Patch Tuesday updates that required a restart.
Despite the Patch Tuesday designation, patches are sometimes released on other days of the month. The last Patch Tuesday for Windows XP is April 8, 2014, when Microsoft’s extended support for the operating system expires.
Protect your devices with Threat Protection by NordVPN