Two Decades Of Predictable Patch Schedules
Microsoft recently published a quick retrospective celebrating two decades of every IT persons favourite day, Patch Tuesday. Those somewhat new to the business may never recall a time when patches arrived in an ad hoc manner, appearing out of nowhere to install on your systems. It was a wild time, as not every patch came in quietly and trying to figure out why several machines suddenly had issues was a frequent headache. We did get emails about what was being pushed, but usually without enough time to block them until they could be properly tested.
In 2003 that all changed, when Microsoft started to bundle all their patches into a single push that happened on the second Tuesday of every month. While there are still occasionally patches pushed to computers out of band when a zero day is discovered and can be mitigated, that is now the exception as opposed to the rule. This allowed IT departments to delay the major patches, if they desired, to allow certain guinea pigs to test them before rolling the patches out to everyone. It also made it quite clear to other vendors that a proper schedule for patches is what their customers wanted, and similar processes have been adopted by most of them over the years.
Patch Tuesday will continue on for the foreseeable future, Microsoft has no plans on changing the schedule. It would be nice if they reverted to the old process of emailing out the Knowledgebase numbers of every patch included in patch Tuesday, but unfortunately those days are long gone and unlikely to return.