It's the beginning of the end for the Patch Tuesday era. Microsoft announced this week at its Ignite event that beginning with the forthcoming Windows 10 operating system, individual security updates would be released as soon as they were available, instead of in a big collection once a month.
Patch Tuesday has been a standard part of the security department's rhythm for 12 years. Long before the record-breaking 64-vulnerability Patch Tuesday in April 2011, and the 66-vulnerability Tuesday in June 2014, which included 59 holes in Internet Explorer alone. Before Microsoft stopped supporting Windows XP in April 2014, and released an out-of-band fix for XP just a few weeks later.
No more frenetic scrambling to deploy a stack of critical updates at the same time. No more burgeoning dread that attackers are already exploiting a vulnerability that you won't know about or get a patch for until the second Tuesday of the following month: At least that's the goal of the new Windows Update for Business.
The patches will be available sooner, but administrators still decide when and how to deploy them; Windows Update for Business provides some new tools to help do that. Admins can prioritize which client machines get updated first and set maintenance windows to determine when updates should and should not take place.
Update for Business integrates with System Center and Enterprise Mobility Suite. It also offers peer-to-peer delivery to make the patching process for remote offices more efficient.
"Windows 10 follows the path first taken by the smartphone sector where iPhones, Androids, and Windows phones were pioneered to receive updates as soon as they become available," says Qualys CTO Wolfgang Kandek. "This strategy has worked out exceptionally well, as we generally see smartphone malware infections under 0.75 percent – 0.03 percent in the recent Verizon Data Breach Investigation Report.
"Together with making Windows 10 widely and freely available," says Kandek, "this is an excellent move by Microsoft to increase security on the Internet."
Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio