Dec 23, 2020
What is...Patch Tuesday
In October 2003, Microsoft began releasing organized security-related updates and fixes for its operating system and other Microsoft software applications. This day became unofficially known as Patch Tuesday.
As Microsoft finds and fixes vulnerabilities in their software, they usually don’t release each patch as it is made. Instead, the patches are collected together into one update and released all together on Patch Tuesday.
Releasing all of the patches on a single day within a single update enables IT professionals to anticipate and plan for each Patch Tuesday. Many other software companies like Oracle and Adobe also release their security patches on the same day.
Patch Tuesday reoccurs every second Tuesday of each month if one is in North America. There isn’t a guaranteed time of day that these patches are released, but Microsoft tends to make them available by noon Pacific Standard Time, though they could be released earlier or later.
The average Windows PC will update automatically, but IT administrators may choose to test individual patches before they are deployed throughout their organization.
Of course, Patch Tuesday isn’t the only day that updates are made available. Microsoft and other organizations will release patches if the corresponding vulnerability is being actively exploited in the wild. Microsoft also releases non-security related updates during the third and fourth week of each month. Once tested and approved, these updates make it into the following month’s Patch Tuesday update.
As soon as the updates for Patch Tuesday are released, exploit developers are able to analyze the previously undisclosed vulnerabilities. This has given the following day the name of Exploit Wednesday.
IT professionals know they need to patch the most critical vulnerabilities for their organization once a patch is released. It’s only a matter of time before an unpatched vulnerability is exploited by a malicious actor, but it’s best to ensure that the ones that pose the most risk are patched before non-critical vulnerabilities.
To make sure that the most critical vulnerabilities are patched first, it’s necessary to know which applications are most important to business continuity and how far reaching the consequences of a successful exploit could be. Utilizing a vulnerability management system like TOPIA can prioritize and deploy updates automatically. This cuts out the guesswork so you know that the most critical vulnerabilities are patched first. TOPIA also protects vulnerable applications from exploitation even if a patch is unavailable with its Patchless Protection technology.
The Difference Between Remediation and MitigationKent Weigle October 15, 2021
Vulnerability Remediation GuidelinesKent Weigle October 14, 2021
What is Vulnerability Remediation?Kent Weigle October 08, 2021
Average Time to Remediation Hits 205 DaysKent Weigle August 12, 2021
Vulnerability Management: What You Need To KnowKent Weigle July 12, 2021