Credit: Michael Hiemstra (modified)
Patch Tuesday is not dead.
That's what experts have now concluded, even though Microsoft will not say straight out if it plans on upending the 12-year practice of providing security patches on the same day each month to everyone.
With Windows 10's launch only two days away -- the new operating system will debut July 29 on previewers' PCs -- the question of whether Patch Tuesday lives and breathes, or will die a sure death, maybe quickly, maybe slowly, still remains officially unanswered.
But security professionals and industry analysts have come to the conclusion that Patch Tuesday will continue, possibly in the same form it has since 2003.
"Patch Tuesday is not going away any time soon," said Chris Goettl, product manager for patch management vendor Shavlik. "It's been blown out of proportion."
"Patch Tuesday" is the label that's been stuck to the second Tuesday of each month, the day Microsoft has issued its security updates since 2003. (Microsoft prefers the more upbeat "Update Tuesday.") The practice was begun to make patching more predictable, especially for businesses -- the Redmond, Wash. company's biggest and best customers -- who generate the bulk of the firm's revenue.
Two months ago, Patch Tuesday's survivability seemed in doubt after Windows Chief Terry Myerson said, "We're not going to be delivering all of the updates to all of these consumers on one day of the month," when talking about changes to Windows Update under Windows 10.
Observers used that comment to conclude that Microsoft was killing Patch Tuesday and would instead roll out security fixes as soon as they were ready, returning to its pre-2003 practice. Two weeks ago, when Microsoft shipped its July batch, some marked it as the last-ever Patch Tuesday.
Hold the phone, security experts said. While they agreed that Patch Tuesday would be moot for consumers on Windows 10, even in May they were certain it would remain a factor for businesses, although fixes would be available as they exited Microsoft's testing.
Microsoft hasn't been any help. This week, it again declined to answer questions about when and how security updates would be distributed to Windows 10 devices.
When asked whether security updates would be offered to all Windows 10 users on the second Tuesday of each month, or issued to all users as the fixes are completed and approved by Microsoft, a spokesman would not address the question. Instead, he said, "With Windows 10, we will deliver ongoing innovations and security updates. Frequency and delivery of updates may vary based upon the update."
That varied delivery he mentioned would not be any different than the company's current policy, which at times steps outside the Patch Tuesday schedule to ship rush fixes, or so-called "out-of-bound" updates. It did that just this week when it released an emergency update to all Windows editions.
Sign up for CIO Asia eNewsletters.