Microsoft Celebrates 20th Anniversary of 'Patch Tuesday' (microsoft.com)
This week the Microsoft Security Response Center celebrated the 20th anniversary of Patch Tuesday updates.
In a blog post they call the updates "an initiative that has become a cornerstone of the IT world's approach to cybersecurity."
Originating from the Trustworthy Computing memo by Bill Gates in 2002, our unwavering commitment to protecting customers continues to this day and is reflected in Microsoft's Secure Future Initiative announced this month. Each month, we deliver security updates on the second Tuesday, underscoring our pledge to cyber defense. As we commemorate this milestone, it's worth exploring the inception of Patch Tuesday and its evolution through the years, demonstrating our adaptability to new technology and emerging cyber threats...
Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner. Senior leaders of the Microsoft Security Response Center (MSRC) at the time spearheaded the idea of a predictable schedule for patch releases, shifting from a "ship when ready" model to a regular weekly, and eventually, monthly cadence...
This led to a shift from a "ship when ready" model to a regular weekly, and eventually, monthly cadence. In addition to consolidating patch releases into a monthly schedule, we also organized the security update release notes into a consolidated location. Prior to this change, customers had to navigate through various Knowledge Base articles, making it difficult to find the information they needed to secure themselves. Recognizing the need for clarity and convenience, we provided a comprehensive overview of monthly releases. This change was pivotal at a time when not all updates were delivered through Windows Update, and customers needed a reliable source to find essential updates for various products.
Patch Tuesday has also influenced other vendors in the software and hardware spaces, leading to a broader industry-wide practice of synchronized security updates. This collaborative approach, especially with hardware vendors such as AMD and Intel, aims to provide a united front against vulnerabilities, enhancing the overall security posture of our ecosystems. While the volume and complexity of updates have increased, so has the collaboration with the security community. Patch Tuesday has fostered better relationships with security researchers, leading to more responsible vulnerability disclosures and quicker responses to emerging threats...
As the landscape of security threats evolves, so does our strategy, but our core mission of safeguarding our customers remains unchanged.
Unwavering commitment (Score:4, Insightful)
our unwavering commitment to protecting customers continues to this day
All I see is an unwavering commitment to moving everything on the cloud, making everything subscription-based, putting Microsoft users under heavy surveillance and monetizing their data.
Some customer protection...
Re: Unwavering commitment (Score:2)
Pity they couldn't celebrate by also announcing a new/updated version of WSUS server that would fix some, most or (dreams), all of the bugs and lack of functionality.
Fix the client to actually work and self repair. A "patch now" functionality and reports that might actually give a good overview of the patching status. Or a DB that isn't so brittle that with any more than a tiny amount of clients it regularly needs to be maintained by "Deinstallation", rather that
Re: (Score:2)
LOL! Also there sure is a lot to celebrate about all those patches! Genius to have a celebration for that, I never heard about such a thing as celebrating patches. Next, celebrate CVE alerts and advisories!
Re: (Score:2)
Indeed: 20 years on and they're still patching. I guess they're not very efficient at it.
Re: (Score:3)
Patches as in security (Score:4, Insightful)
I was doing Windows back when Moby Dick was a minnow. Through the years, looking at patch histories revealed a boatload of security patches. It is my opinion that MS-DOS, as a stand-alone OS, had little incentive to be secure and that indoctrination is in the DNA of Windows.
People across the globe are finding holes in Windows every day and either Microsoft is ignorant of the weaknesses or waits for enough people to bitch before patching.
It's 20 years of celebrating failures.
Re: (Score:2)
DOS was a single user OS with no security or permission model. Up to Windows ME, consumer Windows were based on that.
Windows NT was aimed at servers and workstations from the start, and adopted the (somewhat flawed) Unix security model of users and filesystem restrictions. Unfortunately, Windows XP didn't enable a lot of it due to compatibility issues. It wasn't until Windows Vista that things got really serious with security, and apps started living in sandboxes.
NT doesn't use the UNIX permission model (Score:2)
Windows NT always had a more fine-grained permissions model than UNIX. Filesystem permissions were always ACL-based (not simple user/group/world), and fine-grained tokens could control access to different resources. The trouble is, it's complex to deal with, so too many programs will just get a token for full local admin access even if they only need access to one thing.
Re: (Score:2)
As often happens, literature creates more than one definition for common words. My username comes to us from Dave Barry, a Pulitzer Prize winner, when he wrote, "(candidate) Dole in a tank looks like Captain Dork of the Weenie Patrol."
"Dork," is also an informal reference to an eccentric or awkward person.
The use of ad hominem is the reason reasonable moderators have tanked your comment, but the rest of us are thankful for the illustration.
An initiative that what? (Score:2)
"an initiative that has become a cornerstone of the IT world's approach to cybersecurity."
How about "an initiative that has made anyone who actually has to work with Windows dread Tuesdays"?
Celebrating fundamentally flawed products (Score:3)
We always throw a party every Friday night to celebrate the ever increasing number of support tickets for our products.
Bigger numbers are always better and just looking at the increase somewhat gives a good feeling just before the weekend.
WTF? (Score:2)
Seriously?
Celebrating the biggest critical flaw in our computer architecture, that can never produce a secure OS (Rust will help but it can't make a truly secure OS without a significant architectural change).
Wow. Here I was seeing patch Tuesday as a necessary embarrassment and as an increasingly worrying reminder of how dangerous IT is and where we are going which is even worse.
I will be drinking the Scotch in the corner while everyone else parties.
It had to be a Tuesday (Score:1)
because Cisco had reserved "Backdoor Monday".
Sometimes it's Tuesday (Score:2)
Other days it's every other day of the week. We're all still suffering from Satish firing most of his QA team. An example: The Security vulnerabilities in Azure that they're trying to fix now should have been discovered a long time ago.
Celebrating? (Score:2)
I don't know if Windows Users and most IT Departments would feel the same way (although Windows' need for constant babysitting did keep the Computer Priesthood employed for about 30 years).
MS philosophy (Score:2)
if you can't code, get drunk and then code.
celebrate good times