How Microsoft's Patch Tuesday Affects Business Processes and Security

An entire industry has grown up around Microsoft Patch Tuesday: The five-year push for predictable, scheduled security fixes has spawned both Microsoft and third-party vendor tools specifically to deal with the complexity of installing Microsoft security patches.

By Karen D. Schwartz

CONNECTIONS
Microsoft
BigFix
Lumension Security
Wed, July 09, 2008CIO Time: The second Tuesday of every month, 10:00 a.m. PST. Like clockwork, Microsoft releases a group of security patches. And like clockwork, that release sets in motion a flurry of events from businesses, security vendors, the media and even hackers.

MORE ON CIO.com
Microsoft Reissues Patch, Encourages XP SP2, SP3 Re-Installs
Microsoft's Critical Bluetooth Patch Didn't Work on XP
Microsoft Releases Massive Set of Security Updates

Microsoft Patch Tuesday, as it is widely known, started in October of 2003 at the request of Microsoft's customers, who preferred to receive patches in an organized way, at a specified time, explains Christopher Budd, Microsoft's security response communications lead. The change was made to make testing and deploying updates easier and more predictable.

In formalizing the process, Microsoft gave customers what they wanted, but in doing so, they also fostered a bustling industry around those monthly patches.

It's a pattern that repeats every month: On the Thursday before Patch Tuesday, the Microsoft Security Response Center (MSRC) issues an advanced notification about what will be included. On Patch Tuesday, customers that have signed up for the Security Notification Service receive a notice alerting them of the newly available security updates. Users can then download the security update using a variety of Microsoft or third-party tools—ones that have sprung up specifically to deal with the complexity of what and how to install Microsoft security patches.

Because of these complexities, an entire industry has grown up around Patch Tuesday. Businesses race to quickly determine which are the most critical for their users and which might inadvertently cause more problems than they solve. Security firms rapidly implement fixes to their own systems and push them out to users. The press floods the public with descriptions and warnings, and hackers work to reverse-engineer the patches to discover and use the vulnerabilities to their own advantage.

"Every Patch Tuesday sets off a race where companies try to get their computers patched before they accidentally hit a website with hacker code," says Brian Livingston, editor of Windows Secrets newsletter.

A Necessary Evil

With all of this activity going on, it's no wonder that many companies don't relish the process of determining which patches are most important to push out to all PCs on the network and which can wait until later. In addition, some patches can cause more problems than they solve, due to incompatibility and instability issues.

"Companies need to learn as much about these patches as they can to know which ones are essential, which can be delayed and which shouldn't be installed under any circumstances," Livingston says.
Loading...
Security MarketSpace
White Papers
Secure Training Videos to Prevent Theft
Learn how Dream Force extended their marketing reach without being constricted. Learn more »
Prevent Intellectual Property Theft
Learn what the key components were in Hock International's purchasing decision. Learn more »
Is Your PDF Security Software Really Secure?
Find out what security vendors might not be telling you about their products and solutions. Learn more »
Webcasts
Managing Client Systems in the Enterprise
Why Data Loss is Increasing--and What You Can Do About It
Maximizing the Business Value of the PC Infrastructure
Reduced IT budgets have CIOs hunting for ways to maximize their PC infrastructure, while saving money and IT staff time. Diane Bryant, CIO of Intel Corp., talks with CIO magazine's Gary Beach about how her organization is addressing these challenges. Learn more »
 
SPONSORED LINKS
 

Data Loss Prevention: A Better Way to Approach Security

Software Executives: Take Control of Your Organization's Code Quality

Delivering Secure and Reliable Data through Spreadsheet Automation

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Mid-Sized Company CIO Community: infoBOOM!

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

White Paper: 8 Key Ingredients to Building an Internal Cloud

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

Top 10 Business and IT Drivers for the Wealth Management Sector

Bottom-Line Benefits of Virtualization

White Paper: The Building Blocks for Cloud Computing

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Gartner Shares Predictions for 2009

Improve ROI, lower TCO and reduce energy consumption.

Stop Application Fraud at the Source with Device Reputation

Ready to Act: 3 Recommendations for Agile Processes

Automating the Generation and Secure Distribution of Excel Reports

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Learn how to managing client systems in the enterprise.

Cloud Computing: Read about VMware's compelling vision & set of products

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

8 Key Ingredients to Building an Internal Cloud

Data Center Optimization: Three Key Strategies

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

64-page prescriptive guide to security, compliance, and IT operations.

Get Google Enterprise Search for your business information.

 
 
RESOURCE CENTER
 
buy a link »
Ads by TechWords