Patch Tuesday
(also Update Tuesday)
Patch Tuesday definition
Patch Tuesday refers to the second Tuesday of the month when Microsoft releases security patches for its software. Patch Tuesday began in response to the extensive criticism Microsoft received from customers, security experts, and industry analysts over how it handled security updates, which were previously released on an as-needed basis.
The approach has been adopted by other major software vendors, establishing a trend in the industry. Despite the regular schedule, the company does have a process for releasing emergency patches for critical vulnerabilities outside of the Patch Tuesday cycle if necessary.
By grouping multiple updates, organizations can better plan and test updates. However, Patch Tuesday has been criticized because it creates increased risk between when a vulnerability is announced and when it is patched.
See also: vulnerability, patch
Examples of notable Patch Tuesdays
- June 2020. Microsoft released patches for 129 vulnerabilities across multiple products, making it the largest Patch Tuesday release at that time. Some vulnerabilities were “critical,” the highest severity rating.
- August 2020. Microsoft patched 120 vulnerabilities, including two zero-day vulnerabilities that were actively being exploited. The affected products ranged from Windows and Edge to Microsoft Office and .NET Framework.
- January 2020. Microsoft released a patch for a critical Windows vulnerability discovered by the US National Security Agency.
- March 2017. Microsoft delayed its Patch Tuesday for a month due to a “last-minute issue.”
- April 2017. Microsoft released a patch for a vulnerability exploited by the “WannaCry” ransomware attack.