20 Years Of Patch Tuesday
Two Decades Of Predictable Patch Schedules
Microsoft recently published a quick retrospective celebrating two decades of every IT persons favourite day, Patch Tuesday. Those somewhat new to the business may never recall a time when patches arrived in an ad hoc manner, appearing out of nowhere to install on your systems. It was a wild time, as not every patch came in quietly and trying to figure out why several machines suddenly had issues was a frequent headache. We did get emails about what was being pushed, but usually without enough time to block them until they could be properly tested.
In 2003 that all changed, when Microsoft started to bundle all their patches into a single push that happened on the second Tuesday of every month. While there are still occasionally patches pushed to computers out of band when a zero day is discovered and can be mitigated, that is now the exception as opposed to the rule. This allowed IT departments to delay the major patches, if they desired, to allow certain guinea pigs to test them before rolling the patches out to everyone. It also made it quite clear to other vendors that a proper schedule for patches is what their customers wanted, and similar processes have been adopted by most of them over the years.
Patch Tuesday will continue on for the foreseeable future, Microsoft has no plans on changing the schedule. It would be nice if they reverted to the old process of emailing out the Knowledgebase numbers of every patch included in patch Tuesday, but unfortunately those days are long gone and unlikely to return.
Originating from the Trustworthy Computing memo by Bill Gates in 2002, our unwavering commitment to protecting customers continues to this day and is reflected in Microsoft's Secure Future Initiative announced this month. Each month, we deliver security updates on the second Tuesday, underscoring our pledge to cyber defense. As we commemorate this milestone, it's worth exploring the inception of Patch Tuesday and its evolution through the years, demonstrating our adaptability to new technology and emerging cyber threats...