If you watch technology news, you might notice that there is one day out of every month that gets a lot of attention from the technology sector, and that day is what is called Patch Tuesday. This is the day each month when Microsoft issues all of their patches and security updates, and it’s important to know when this day falls each month—at least, for your IT team it is.
You don’t need us to tell you that Microsoft as a software developer is a big deal, having released major computer operating systems and business applications that are used by countless individuals and organizations across the globe. We want to highlight one quality that is a little easy to forget sometimes, though, and that is the fact that Microsoft, like any other software developer and publisher out there, is not infallible. They are bound to create products with flaws in them, just like anyone else.
This is why Patch Tuesday exists. It provides Microsoft with the opportunity to routinely address performance issues, security risks, and other bugs that might be discovered in their software. Each month, the Microsoft Security Response Center puts out information using Common Vulnerabilities and Exposures numbers on their website. This information is designed to inform IT workers and the public in general about security issues that are addressed with each update. These updates typically cover Windows operating systems—including those that have reached their end-of-life but are covered under an extended support contract—as well as other Microsoft software products.
Patch Tuesday is the second Tuesday of each month. Patches and updates are issued at 5:00pm (Coordinated Universal Time).
Simply put, Patch Tuesday was created to give IT workers a heads-up as to when patches and updates will be applied. Oftentimes IT workers will need to prepare an infrastructure for a blanket installation of important patches and updates, so this gives them an official date and time to work towards.
Patch Tuesday is also important to another, slightly less altruistic group of individuals: hackers. Cybercriminals and developers of online threats can scour the code of Microsoft’s patches to gain insights into vulnerabilities that might have been addressed within them. They can then use that information to reverse-engineer patches, so to speak, to target individuals who have not deployed their new patches and updates, thereby getting the jump on users who have not expediently deployed them.
There is a reason why patches and security updates are issued so regularly, and it’s a big one: your business is very much at risk without them. Patches and updates are issued to shore up security vulnerabilities in software—vulnerabilities that could ultimately give hackers access to your network if they are crafty enough.
It’s important to note that not all vulnerabilities are actively exploited in the wild prior to being detected. It’s entirely possible that developers at Microsoft happened upon them out of the blue and decided to address them appropriately. When they do find unpatched vulnerabilities that are being exploited, however, they tend to release patches and updates out of their routine to get them into the hands of the public as soon as possible.
If all this talk about patches and updates has you concerned about the future of your organization, fear not. The Connection, Inc is happy to assist you with the management and deployment of all patches and updates for your mission-critical systems. To learn more about what we can do for your business, reach out to us at (732) 291-5938.