Patch Tuesday – What is it and why should I care?

Patch Tuesday occurs on the second Tuesday of every month in North America.

Sometimes called “Update Tuesday,” Patch Tuesday is an unofficial term for the day when Microsoft releases update packages for the Windows operating system and other Microsoft software applications, including Microsoft Office.

As Microsoft patches security vulnerabilities, it doesn’t release those patches immediately. Instead, the company gathers those fixes into a larger update, which is released on Patch Tuesday.

Microsoft does this to make the update process as predictable as possible for administrators. IT professionals know that patches will arrive on the second Tuesday of each month, and they can make plans to test or install them. This is easier than continually applying smaller patches and more predictable than huge patches arriving on a random day of the month.

These patches are typically released during the afternoon of Patch Tuesday. By default, your PC (if it is left powered on and hibernation and sleep mode are turned off) will check for and apply the updates between late evening and early morning. If a reboot is warranted, it may reboot then, so that you do not have to reboot while you are busy working on your PC.

Patch Tuesday isn’t the only date updates arrive. In some cases, Microsoft will issue “out-of-band” updates for particularly critical security flaws, especially ones that are being exploited in the wild. Even if you do get smaller patches during the month, there’s always a bigger update coming on Patch Tuesday. It contains all the updates that didn’t have to be rushed out. Other vendors also take advantage of this monthly schedule to release their own updates.

So, why is this important? When security flaws or vulnerabilities are discovered, Microsoft works on fixing them in secrecy before hackers find the hole and exploit it. Hackers also know that once a patch has been published, the clock is running for them to take advantage of computers that haven’t been patched. When the “WannaCry” malware attack occurred, 200,000 computers were affected because they were not patched. Microsoft had released the patch weeks prior to the attack, but some computers had not applied this update for various reasons. So, it is very important that everyone patch their PCs as soon as possible. Fear of what might be affected on your PC should not be the reason you delay the updates. The hackers certainly will be looking for opportunities like this.
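The schedule above can be turned into a simple patch-lag check. The following is an added example, not part of the original article: it computes the Patch Tuesday dates and flags machines whose last update is older than the newest release they should already have installed. The 14-day grace period, the host names and the inventory dates are assumptions constructed for illustration.

```python
from datetime import date, timedelta

def patch_tuesday(year, month):
    """Second Tuesday of the month (the release day described above)."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7   # weekday(): Mon=0, Tue=1
    return first + timedelta(days=to_first_tuesday + 7)

def latest_patch_tuesday(on_or_before):
    """Most recent Patch Tuesday that is not after the given date."""
    candidate = patch_tuesday(on_or_before.year, on_or_before.month)
    if candidate > on_or_before:
        # This month's release has not happened yet: use last month's.
        last_month = on_or_before.replace(day=1) - timedelta(days=1)
        candidate = patch_tuesday(last_month.year, last_month.month)
    return candidate

def overdue_hosts(inventory, today, grace_days=14):
    """Hosts whose last update predates the newest release whose grace period is over.

    Returns (host, days_behind) pairs, most out-of-date first.
    """
    # A release R is enforced once R + grace <= today, i.e. R <= today - grace.
    enforced = latest_patch_tuesday(today - timedelta(days=grace_days))
    late = [(host, (enforced - last).days)
            for host, last in inventory.items() if last < enforced]
    return sorted(late, key=lambda item: item[1], reverse=True)

# Constructed inventory: hostname -> date of last successful update install.
INVENTORY = {
    "ws-01": date(2020, 1, 15),
    "ws-02": date(2019, 12, 11),
    "ws-03": date(2019, 11, 13),
}

if __name__ == "__main__":
    for host, days in overdue_hosts(INVENTORY, today=date(2020, 2, 1)):
        print(f"{host}: {days} days behind the enforced release")
```

Out-of-band updates fall outside this schedule, so a host that passes this check can still be missing one of those.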

That said, Microsoft only patches an operating system for so long. The End of Life (EOL) for various operating systems occurs when new releases of Windows are developed. For instance, Windows 7 and Microsoft Server 2008 will no longer receive “free” patches past January 14th of 2020. While it may be possible to purchase continued support, the better strategy is to upgrade the operating system or buy new equipment.
