pt-ebook-banner

What is Microsoft Patch Tuesday?

Microsoft Patch Tuesday or Update Tuesday is the colloquial name used to refer to the regular Microsoft patch release schedule. On this day, Microsoft periodically drops patches for Windows Operating systems and other Microsoft applications. So far, Microsoft has been following a trend of releasing more patches on the even months than on the odd ones.

When is Microsoft Patch Tuesday?

Patch Tuesday falls on the second Tuesday of every month. Register below to unfold what this Patch Tuesday has in store for us

Upcoming Patch Tuesday - June 9, 2020

Register for the ManageEngine Free Patch Tuesday webinar.

Register Now!

Previous Patch Tuesday updates

To get an overview of all the previous MS Patch Tuesday updates visit here.

What are patches?

Patches are fixes for a faulty piece of software code, The faults or loops in a software application often lead to vulnerabilities, which when exploited could potentially lead to information disclosure, denial service, remote code execution, etc. Patches released on Patch Tuesdays are rated based on the severity of the vulnerability it addresses, namely, critical, important, moderate and low. Higher the severity, higher is the likelihood of being exploited and potential damage. Generally patches released for wormable vulnerabilities receive Microsoft's highest severity ranking.

Why Microsoft follows the Patch Tuesday release trend?

Releasing security updates on a random day might add to the misery of already overburdened system admins. It's highly likely they might overlook critical security updates or end up wasting considerable time looking for patches released by the vendor. In order to save time and make the update process simpler and predictable for admins, Microsoft bundles smaller fixes into a larger update and rolls out on Patch Tuesday. This helps IT professionals to make plans to test and streamline their patch deployment. 

What is the Patch Tuesday schedule?

Generally, patches are out by 10 AM Los Angeles time (PDT), but they may be released anytime during the day.

What types of security updates can you commonly expect during MS Patch Tuesday?

Following are the types of security updates that are generally released on Patch Tuesday for Microsoft Windows and related products.

Update type

Supported operating systems

Cumulative updates

Windows 10, Windows server 2016, Windows server 2019.

Security roll up

Windows 7, Windows 8.1, Windows server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.

Security only updates

Windows 7, Windows 8.1, Windows server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.

Cumulative update for internet explorer

Windows 7, Windows 8.1, Windows server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.

Servicing stack update (Released at irrgular intervals, sometimes monthly or once in two months).

-

Security update for Adobe Flash Player

Windows 10, Windows server 2016, Windows server 2019.

.net updates (security only)

Windows 7, Windows 8.1, Windows server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.

.net updates (security only roll up)

Windows 7, Windows 8.1, Windows server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.

Cumulative .net update

Windows 10, Windows server 2016, Windows server 2019.

Sha-2 updates

Windows 7 and Windows 2008 R2.

Do users have to wait till Patch Tuesday to patch the critical vulnerabilities exploited in the wild?

Probably not. For critical zero day flaws, the ones that are being actively exploited in the wild, especially if the attack is widespread and entails serious impacts, Microsoft issues immediate patches out of the normal Patch Tuesday cycle. These updates are called "out-of-band" security updates. However, if the vulnerability occurred close enough to the normal release date and if it's not exploited in the wild, Microsoft waits till Patch Tuesday to issue patches for the flaw. Even if you do get one or more critical patches outside Patch Tuesday, they are included in the security roll-ups and larger cumulative updates that come out on Patch Tuesday.

What other types of updates are released outside MS Patch Tuesday?

Microsoft also issues optional updates which includes non-security bug fixes, performance enhancements, and intel microcode updates. They are released on the 3rd or 4th week of every month.  Once they are tested, their fixes make it into subsequent month’s cumulative or roll up update on Patch Tuesday. Aside from these, Microsoft also fixes serious bugs that may exist in the previously released security updates outside the Patch Tuesday cycle. Also, you need to watch out for the definition updates for Windows Defender and Microsoft Security Essentials, which is pushed six to ten times a day to keep them up-to-date with the Malware database. Other than this, Windows 10 major version updates, also known as feature packs are released once every 6 months. To know more about Windows 10 feature packs and how to deploy them, refer to our article on Windows 10 feature packs.

Do third-party vendors release their patches on MS Patch Tuesday?

Besides the Microsoft updates, the prominent third party player Adobe schedule their security updates for major products like the Adobe Flash Player browser plug-in and Acrobat Reader PDF viewer to go on Microsoft Patch Tuesday.

What does the ManageEngine Patch Tuesday webinar cover?

 

  • Complete breakdown of latest Microsoft security patches
  • Updates on recent cyber news and ransomware attacks
  • Quick demo on how to ensure safe and efficient patching with Patch Manager Plus

Best practices to handle Microsoft Patch Tuesday

Patching and updating all your endpoints might seem like an impossible task, but there are best practices you can follow to streamline the patching process:

  • Subscribe to the ManageEngine PitStop to receive email alerts on the latest Microsoft Patches.
  • Patch Tuesday or the 2nd Tuesday can either come about on the second or third week of a month. Keep track of that, if you wish to schedule updates based on the Patch Tuesday cycle.
  • Ensure actively exploited and publicly disclosed vulnerabilities are patched first.
  • Followed by that patch critical vulnerabilities, and then important and moderate vulnerabilities subsequently.
  • Schedule updates to go out during non-business hours to prevent disruption of user productivity.
  • Look out of "out-of-band" updates. We highly recommend you to test all the patches, especially "out-of-band" updates to verify the stability of updates before rolling them out to production machines.
  • Decline less critical patches and roll them out after the important issues have been addressed.
  • Postpone or schedule reboots for critical machines and servers during weekends to prevent downtime.
  • Run patch reports to ensure network endpoints are up-to-date with the latest patch.