How Microsoft's Patch Tuesday Affects Business Processes and Security

An entire industry has grown up around Microsoft Patch Tuesday: The five-year push for predictable, scheduled security fixes has spawned both Microsoft and third-party vendor tools specifically to deal with the complexity of installing Microsoft security patches.

By Karen D. Schwartz

CONNECTIONS
Microsoft
BigFix
Lumension Security
Wed, July 09, 2008CIO Time: The second Tuesday of every month, 10:00 a.m. PST. Like clockwork, Microsoft releases a group of security patches. And like clockwork, that release sets in motion a flurry of events from businesses, security vendors, the media and even hackers.

MORE ON CIO.com
Microsoft Reissues Patch, Encourages XP SP2, SP3 Re-Installs
Microsoft's Critical Bluetooth Patch Didn't Work on XP
Microsoft Releases Massive Set of Security Updates

Microsoft Patch Tuesday, as it is widely known, started in October of 2003 at the request of Microsoft's customers, who preferred to receive patches in an organized way, at a specified time, explains Christopher Budd, Microsoft's security response communications lead. The change was made to make testing and deploying updates easier and more predictable.

In formalizing the process, Microsoft gave customers what they wanted, but in doing so, they also fostered a bustling industry around those monthly patches.

It's a pattern that repeats every month: On the Thursday before Patch Tuesday, the Microsoft Security Response Center (MSRC) issues an advanced notification about what will be included. On Patch Tuesday, customers that have signed up for the Security Notification Service receive a notice alerting them of the newly available security updates. Users can then download the security update using a variety of Microsoft or third-party tools—ones that have sprung up specifically to deal with the complexity of what and how to install Microsoft security patches.

Because of these complexities, an entire industry has grown up around Patch Tuesday. Businesses race to quickly determine which are the most critical for their users and which might inadvertently cause more problems than they solve. Security firms rapidly implement fixes to their own systems and push them out to users. The press floods the public with descriptions and warnings, and hackers work to reverse-engineer the patches to discover and use the vulnerabilities to their own advantage.

"Every Patch Tuesday sets off a race where companies try to get their computers patched before they accidentally hit a website with hacker code," says Brian Livingston, editor of Windows Secrets newsletter.

A Necessary Evil

With all of this activity going on, it's no wonder that many companies don't relish the process of determining which patches are most important to push out to all PCs on the network and which can wait until later. In addition, some patches can cause more problems than they solve, due to incompatibility and instability issues.

"Companies need to learn as much about these patches as they can to know which ones are essential, which can be delayed and which shouldn't be installed under any circumstances," Livingston says.

patch
Loading...
Security MarketSpace
8 Tactics to Combat Vulnerabilities
This white paper reviews 8 key elements of vulnerability management and provides advice on combating known vs. unknown vulnerabilities. Learn more »
Email and Web Threats Require a Layered Defense
Learn how web threats are changing and how using a layered defense strategy can give you the security you need. Learn more »
The Case for Data Protection for SMBs
Take Fraudsters Out of the Game
Easily identify account-device relationships and get data for in-depth forensic analysis. Learn more »
Mobile Security Landscape
This paper examines the current mobile security landscape, including myths surrounding the risks and threats, and how organizations can establish a solid mobile security strategy. Learn more »
Reducing Energy Costs in Your Data Center
This white paper examines the most common roadblocks to improving data center efficiency. Learn more »
Security convergence equals network security cost savings
 Security convergence equals network security cost savings Learn more »
IBM ISS X-Force Threat and Risk Report
Read this Trend and Risk report from IBM® ISS X-Force® to learn statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity. Learn more »
 
SPONSORED LINKS
 

Mobile Security: The Essential Ingredient for Today's Enterprise

IDC White Paper: CCM for IT Compliance and Risk Management

Keeping Your Members Safe from Online Scams and Predators

Learn about the growing threat of insider data theft.

See how AT&T can help protect your network.

Webcast: Unleashing the Power of Customer Data

White Paper: 5 Best Practices for Smartphone Support

Global Research: CIOs Weigh In On Virtualization

5 Key Virtualization Management Challenges

The Total Economic Impact of Network Security Intrusion Prevention

Join us at the US-Brazil IT-BPO Summit, on November 10th in New York.

Increase UPS efficiency without sacrificing protection.

Learn how advanced forecasting tools can deliver significant business results for global corporations.

Lower IT Costs with Oracle Database 11g Release 2

White Paper: Visibility and the New Normal of Mobile Work

Taking the Service Desk to the Next Level

Learn about The Information Technology Infrastructure Library.

Top Five CIO Challenges

Streamline IT Costs. Boost Performance with WAN Optimization.

Want to know how you can maximize employee productivity?

Build your 1st app FREE with Force.com

TDWI checklist helps define data readiness for analytics. Download report.

A new fleet of PCs with a total ROI in 10 months. Find your ROI.

eZine: A Roadmap to Reducing IT Complexity

Reduce risk, gain agility. See how Progress can help your business.

White Paper: Managed Security for a Not-So-Secure World

Secure Email and Web-Based Communication from Evolving Attacks

WagerWorks Takes Fraudsters Out of the Game using iovation

White Paper: A Security Blueprint Delivered From within the Network

White Paper: 4 Customer Service Myths

White Paper: Improve Agility with Operational Responsiveness

White Paper: Legacy Tools: Not Built for the Helpdesk

Taking a Seat at the Executive Table: The Reality of Virtualization

White Paper: Next Generation Remote Infrastructure Management

Seven Design Requirements for Web 2.0 Threat Protection

Generation Remote Infrastructure Management - Changing the Paradigm

Cloud-Based Email Management: Opinion Shifts In Favor

eBook: How Can You Make Your People Productive Anywhere?

Achieving Business Agility with Application Grid

Ready to virtualize tier one applications? Check your virtualization maturity.

Seven Ways ITIL Can Help You in an Economic Downturn

Tips for successful virtualization management.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion

Read the RSA report: Security for Business Innovation

Webcast: Looking to the Cloud for Email and Collaboration Services

64-page prescriptive guide to security, compliance, and IT operations.

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

A Clear View Toward Virtualization

Virtualization Technology as a Business Solution

The rules of infrastructure management just changed.

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords