On the second Tuesday of each month, Microsoft and other tech companies release patches for consumer and enterprise users. These updates, including bug fixes and security enhancements from the previous month, are known as “Patch Tuesday.” The monthly update is an important opportunity to ensure that security features and applications are up to date.
Microsoft details the official Patch Tuesday release in their Security Update Guide. Below, TechRepublic explores its purpose, how it works, and how you can prepare for it.
What is the purpose of Patch Tuesday?
Patch Tuesday is designed to collect and release many enterprise software updates simultaneously. While some updates are urgent enough to require immediate attention throughout the month, non-urgent or quality-of-life fixes are consolidated for release on Patch Tuesday.
“Whether you’re an IT administrator or a general user, Windows monthly updates provide you with the security fixes to help keep your devices protected—as well as enhancements based on your feedback,” wrote Microsoft Senior Director of Communications Chris Morrissey in a 2023 blog post.
Patch Tuesday is technically known as Microsoft’s “B” release,” as opposed to “C” and “D” releases, which occur during the third and fourth weeks of the month. Other companies, including Adobe, have followed Microsoft’s lead in rolling out mass patches on the second Tuesday of each month.
What to know
How does Patch Tuesday work?
Administrators and users can access these updates through various tools, including:
- Windows Update
- Windows Update for Business
- Microsoft Intune
- Microsoft Configuration Manager
- Windows Server Update Services (WSUS)
- The Microsoft Update Catalog
Before rolling out patches across an organization, administrators should test them in an isolated environment and a small test group. Additionally, administrators should have a rollback plan in place if issues arise.
SEE: Microsoft power users may want to watch for monthly PowerToys updates.
Since exploits from the previous month are detailed on Patch Tuesday, the following day often sees a spike in copycat attacks targeting unpatched systems. Organizations should prioritize applying critical security updates to mitigate this risk.
As of the February 2023 commercial control update, administrators have some control over which patches to immediately apply. This allows for flexibility in managing updates that introduce new capabilities, remove existing ones, or significantly alter user-facing features, such as the start menu.
What is the difference between Patch Tuesday and out-of-band updates?
Along with the letter naming system for releases, you might hear the term “out-of-band release” when it comes to patches. Out-of-band releases are not sent out on a schedule like the planned monthly patches. Instead, atypical updates may be sent out at any time to address an ongoing security or quality issue.
How can I prepare for Patch Tuesday updates?
Admins should have a process for applying Patch Tuesday updates, but these processes will differ based on the organization’s size and needs. Some patches should be applied right away — especially with security fixes for backdoors that are being actively exploited. Admins might want to wait to deploy non-critical patches in case Microsoft issues any revisions.