Patch Tuesday refers to the second Tuesday of each month when Microsoft™ releases fixes for known bugs in its operating systems and other products. The fixes are small files called patches available for free download from the Microsoft website. Patch Tuesday began in 2004 in an effort to help network administrators more easily deal with the logistics involved in scheduling the upgrade of multiple machines.
Prior to Patch Tuesday, administrative problems cropped up across networks wherein some machines would have current patches and others would not. If a particular patch caused a peripheral, unexpected problem in functionality and needed uninstalling, the problem was unevenly concussive due to lack of coordination in the update process.
Patch Tuesday allows network administrators to plan for network-wide upgrades ahead of time, anticipating and scheduling deployment in a more orderly fashion. As part of the monthly security cycle, administrators can subscribe to the free Microsoft Security Bulletin Advance Notification Service, receiving prior notice about the number of patches coming, programs affected, and ranking of severity. The bulletin also informs the recipient of updated Microsoft-supplied detection tools, and non-security, critical updates for automated Microsoft update services. The Advance Notification bulletin is generally emailed to subscribers three business days before Patch Tuesday.
Critics have leveled that Patch Tuesday can allow hackers to exploit security holes for an entire month. This occurs when an exploit is made public, or a worm is released, just shy of Patch Tuesday, disallowing Microsoft a chance to fix the exploit in time for the upcoming updates. Some hackers might even sit on exploits to gain maximum benefit from the monthly release cycle.
Patch Tuesday also inadvertently provides an opportunity for another form of exploitation. Inclined hackers can download security patches on Tuesday and study them to deduce, within hours, how to exploit unpatched systems. This has given rise to the term, “Exploit Wednesday” for the day immediately following Patch Tuesday.
Yet another criticism of Patch Tuesday is that millions of computers connected to the Internet might reboot within a relatively short period of time. Purportedly, this can interfere with the running of some Internet businesses. According to an August 2007 article in The Register™, Skype™ blamed a two-day outage of their VoIP services on an inordinate number of computers trying to log back on to the network following updates on Patch Tuesday that required a reboot.
Despite Patch Tuesday’s designation, patches are sometimes released on other days of the month. The final Patch Tuesday for Windows XP is 8 April 2014, when Microsoft’s extended support of the operating system expires.