Security Terms for 400

Dec 23, 2020

"The day when Microsoft releases updates for their software to improve security."

What is...Patch Tuesday

Correct! đź’Ż


In October 2003, Microsoft began releasing organized security-related updates and fixes for its operating system and other Microsoft software applications. This day became unofficially known as Patch Tuesday.

As Microsoft finds and fixes vulnerabilities in their software, they usually don’t release each patch as it is made. Instead, the patches are collected together into one update and released all together on Patch Tuesday.

Releasing all of the patches on a single day within a single update enables IT professionals to anticipate and plan for each Patch Tuesday. Many other software companies like Oracle and Adobe also release their security patches on the same day.

When is Patch Tuesday?

Patch Tuesday reoccurs every second Tuesday of each month if one is in North America. There isn’t a guaranteed time of day that these patches are released, but Microsoft tends to make them available by noon Pacific Standard Time, though they could be released earlier or later.

The average Windows PC will update automatically, but IT administrators may choose to test individual patches before they are deployed throughout their organization.

Of course, Patch Tuesday isn’t the only day that updates are made available. Microsoft and other organizations will release patches if the corresponding vulnerability is being actively exploited in the wild. Microsoft also releases non-security related updates during the third and fourth week of each month. Once tested and approved, these updates make it into the following month’s Patch Tuesday update.

Exploit Wednesday

As soon as the updates for Patch Tuesday are released, exploit developers are able to analyze the previously undisclosed vulnerabilities. This has given the following day the name of Exploit Wednesday.

IT professionals know they need to patch the most critical vulnerabilities for their organization once a patch is released. It’s only a matter of time before an unpatched vulnerability is exploited by a malicious actor, but it’s best to ensure that the ones that pose the most risk are patched before non-critical vulnerabilities.

To make sure that the most critical vulnerabilities are patched first, it’s necessary to know which applications are most important to business continuity and how far reaching the consequences of a successful exploit could be. Utilizing a vulnerability management system like TOPIA can prioritize and deploy updates automatically. This cuts out the guesswork so you know that the most critical vulnerabilities are patched first. TOPIA also protects vulnerable applications from exploitation even if a patch is unavailable with its Patchless Protection technology.

Written by

Kent Weigle

Recent Posts

  • 1

    The Difference Between Remediation and Mitigation

    Kent Weigle October 15, 2021
  • 2

    Vulnerability Remediation Guidelines

    Kent Weigle October 14, 2021
  • 3

    What is Vulnerability Remediation?

    Kent Weigle October 08, 2021
  • 4

    Average Time to Remediation Hits 205 Days

    Kent Weigle August 12, 2021
  • 5

    Vulnerability Management: What You Need To Know

    Kent Weigle July 12, 2021

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
    CVE Invaders