“Patch Tuesday”: What to Look for and How to Manage It
If you run any important software applications at home or at work, and particularly if they are from the likes of Microsoft, Adobe, and Oracle, then you will probably have at least passing familiarity with “Patch Tuesday”.
Patch Tuesday, also known as Update Tuesday, is the unofficial name used when big software companies like Microsoft release software patches for their software products. Formalized by Microsoft in 2003, Patch Tuesday takes place on the second Tuesday of each month in North America, but also occasionally on the fourth Tuesday of each month. Besides Adobe and Oracle, Patch Tuesday has been adopted by companies like SAP.
Here is a brief overview of what you need to know about Patch Tuesday.
What Is Patch Tuesday?
Patch Tuesday is typically the second Tuesday of each month, with announcements released precisely at 10 a.m. Pacific Time. Note that in the case of extremely serious security updates, companies like Microsoft will send out updates outside of the normal Tuesday timeframe.
What Happens on Patch Tuesday?
Companies like Microsoft release security updates for their software on Patch Tuesday. These can be anything from minor updates to major improvements.
How Do You Know What is Being Released on Patch Tuesday?
Each of the major software companies runs a series of security advisory and bulletin pages. These indexes, bulletins, and advisories are arranged chronologically and follow certain naming conventions that, once you decode them, make understanding what is released and when it is released relatively easy
How Do You Know Which Updates Are Most Important?
Each security bulletin is accompanied by a rating that expresses the seriousness of the update:
- Critical: Vulnerabilities that should be applied by users immediately.
- Important: Vulnerabilities that can be explored to compromise data and systems or to cause a denial of service attack.
- Moderate: Vulnerabilities that can be mitigated by default configurations, authentication requirements, etc.
- Low: Vulnerabilities that typically require no extensive interaction or unusual configurations, though that does not necessarily mean that they can be ignored.
In addition, many software providers and third parties will discuss the Patch Tuesday release in more detail, sometimes using blogs. Other sites, such as patchmanagement.org, have been created to provide a community for discussing everything related to patches. Other third parties, such as Ivanti, provide webinars that help users minimize the impact of what is released on Patch Tuesdays and provide insight into what is important about the updates.
Is There a Way to Know in Advance What Is Being Released
Back in the good old days, Microsoft would publish advance notification of its security bulletins but they stopped doing that in 2014. Need help managing your IT? M3 Solutions can help. Contact us today!