Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
Time: The second Tuesday of every month, 10:00 a.m. PST. Like clockwork, Microsoft releases a group of security patches. And like clockwork, that release sets in motion a flurry of events from businesses, security vendors, the media and even hackers.
Microsoft Patch Tuesday, as it is widely known, started in October of 2003 at the request of Microsoft's customers, who preferred to receive patches in an organized way, at a specified time, explains Christopher Budd, Microsoft's security response communications lead. The change was made to make testing and deploying updates easier and more predictable.
In formalizing the process, Microsoft gave customers what they wanted, but in doing so, they also fostered a bustling industry around those monthly patches.
It's a pattern that repeats every month: On the Thursday before Patch Tuesday, the Microsoft Security Response Center (MSRC) issues an advanced notification about what will be included. On Patch Tuesday, customers that have signed up for the Security Notification Service receive a notice alerting them of the newly available security updates. Users can then download the security update using a variety of Microsoft or third-party tools-ones that have sprung up specifically to deal with the complexity of what and how to install Microsoft security patches.
Because of these complexities, an entire industry has grown up around Patch Tuesday. Businesses race to quickly determine which are the most critical for their users and which might inadvertently cause more problems than they solve. Security firms rapidly implement fixes to their own systems and push them out to users. The press floods the public with descriptions and warnings, and hackers work to reverse-engineer the patches to discover and use the vulnerabilities to their own advantage.
"Every Patch Tuesday sets off a race where companies try to get their computers patched before they accidentally hit a website with hacker code," says Brian Livingston, editor of Windows Secrets newsletter.
"How Microsoft's Patch Affects Business Processes, Security" Comments