#PatchTuesday - it's real!
If you are in the IT industry, you've heard of Patch Tuesday or know it too well. It was started by Microsoft way back in 2003 to consolidate updates to important applications created by them. It was initially done as a cost-saving to release all the updates simultaneously. Instead of having many mini-launches throughout the month, the thought was to organize one big launch for all the past month's updated patches. This included upgrades to the applications as well as the often-needed security patches to fix issues with security holes that had been identified.
The tradition continues on the second Tuesday of each month at 10 AM PST. Administrators prepare for these releases in order to carry out their much-needed software fixes! This is a highly anticipated and planned few days of work to ensure patches are tested and applied as quickly as possible. Testing the patches is very important and doesn’t always allow for immediate implementation of the fixes. Environments with high availability requirements must test these fixes to ensure that they do not cause additional incompatibilities, security issues, or outages. Once tested, then they can be safely implemented.
What should you do as a user of a computer when Patch Tuesday rolls around?
Well, first and foremost, be familiar with the Windows updates portion of your PC.
Simply navigate to the search bar on your Windows toolbar.
Type in Windows Update, and you should see an option to select the Windows Update menu. It should look similar to the image below. However, based on your version of Windows, it might appear slightly different. Navigating the different versions is pretty simple, though.
Once the Windows Update screen comes up, it will either automatically begin to check for the updates, or you may have to click on the "check for updates" button. Either way, once the update has had a chance to verify your versions vs the newly released patches, you will be good to go. You can then update the system.
Ideally you should have something that looks like this when it is done.
Some advanced options exist to automate the download of updates so that you can almost set it and forget it. This can be a good option for most people. Some people, however, want to hold off on the initial download of updates to avoid potential issues that can be realized following the release of the updates and patches. This comes from years of issues that have occurred following released updates. Learn from your mistakes, I guess. That being said, it's a tricky game to play. This is the decision of dealing with a potential compatibility issue from the update or security patch or dealing with the potentially poorly running application or a security breach due to not updating when it is released. I can tell you from a security perspective as soon as a security vulnerability is known and it is a significant one, all the attacker's devices switch their activities to that attack method. We saw this with the log4j vulnerability in Dec of 2021. Devices that were seen constantly scanning for open ports were suddenly all trying to take advantage of the log4j vulnerability. It was within hours that we saw the change occurring.
My Recommendation: patch early and patch often.
What about Apple? Do they have a Patch Tuesday equivalent?
Apple does not maintain a schedule like Microsoft does for security patches and updates. However, they have a mailing list you can subscribe to that sends notifications to notify and encourages updating your devices. Usually, between July and November, Apple releases an Operating System (OS) update. Although there really is no set schedule that I am aware of. Auto Pushing updates and patches have also become common on Apple devices as well if you set it up that way.
My Recommendation: patch early and patch often.
Let’s not forget about Google Chrome!
While we are talking about Patch Tuesday, it is helpful to know how to update your Google Chrome as well. This will update you to the latest version of the browser. This is a good idea because of Google’s rigorous patching for security vulnerabilities that are found.
Once you open your browser, click on the three little dots in the upper right-hand corner of the browser window.
Navigate down to the settings selection on the menu bar, as seen below.
Once you click on the settings option, you will be in the Google Chrome settings menu. All the way at the bottom, you will see the “About Chrome” selection. Click on that. It will automatically update and make sure that you have the most up-to-date version of Google Chrome so you can browse and feel safer.
Once the update is complete, here is the screen you will see.
That is really it!
Obviously, there are always opportunities to update any software application on your computer, but these take care of a large portion of your needs for updating.
One last piece of advice that bares repeating: patch early, patch often also comes with another piece of advice. If your device is notifying you of a system update, don’t push it off until later. Click to accept the update, then put down your device and do something else while it does its deal to update you and potentially keep your device safer. This is a small price to pay for protection and good functionality.
Thank you, Microsoft, Apple, and Google, for keeping us up-to-date and patched.
Long live Patch Tuesday! #BeCyberSmart