Patch Tuesday is the second Tuesday of each month, when Microsoft releases the newest fixes for its Windows operating system and related software applications. Microsoft introduced Patch Tuesday in 2003 as a means of reducing costs associated with patch deployment. The company chose Tuesday because it was not the first day of the week, which typically has its own issues, but early enough that any ensuing problems could be dealt with before the following weekend. As a rule, patches are only sent out on that day although code fixes that are deemed to be critical may be sent at any time.
According to Microsoft, sending patches only once a month simplifies patch management. Because the date is known in advance, system administrators can plan for the day. They can also install multiple patches with a single reboot. However, many administrators find that dealing with the numbers of patches (in some cases more than 50) and associated problems can make Patch Tuesday and subsequent days overwhelmingly difficult.
There are also a number of security issues involved in issuing patches once a month. Most importantly, it means that known vulnerabilities may not be dealt with for several weeks. Furthermore, crackers can analyze patch code and exploit the vulnerabilities that the fixes were intended to deal with. As a result, the day after Patch Tuesday has become known in some circles as Exploit Wednesday.
Other effects of Patch Tuesday include surges of users coming online at the same time, which creates a strain on networks. Such a spike in usage can have a severe impact on the Internet. In August 2007, Skype blamed Patch Tuesday for a two-day outage.
Among administrators, Patch Tuesday is sometimes referred to as "Black Tuesday."
Continue Reading About Patch Tuesday
- This SearchWindowsSecurity.com technical tip asks the question "Are Microsoft's patch management tools right for you? "