This yr marks an important milestone for the historical past of Microsoft, the Windows product and for better computing: 20 years of Patch Tuesday updates. With greater than 1.4 billion month-to-month energetic Windows gadgets in service, and billions extra gadgets served alongside the journey of Windows, our objective is to maintain customers all over the world protected and productive.
In as we speak’s safety local weather, our work throughout the corporate and better {industry} to maintain this crucial ecosystem safe is extra essential than ever. And whereas we additionally ship bug fixes and different new options by way of steady innovation, in the long run safety is job one. Monthly Patch Tuesday updates function a car for simply that. Created from a 2002 company-wide initiative, Patch Tuesday has turn out to be a well known {industry} normal, protecting not simply Windows however the folks, firms and establishments that depend upon it protected and productive for 20 years.
In this text, we’ll share a bit on the historical past of Patch Tuesday and the way it continues to evolve by way of a principle-based strategy.
Patch Tuesday’s origin and historical past
On January 12, 2002, Bill Gates revealed a company-wide e-mail asserting the creation of the Trustworthy Computing (TwC) initiative. It represented a paradigm shift, pushing safety groups to shift their pondering towards securing options themselves throughout the breadth of our merchandise. From this essential initiative, we consolidated our safety replace course of right into a predictable cadence of month-to-month Patch Tuesday updates. Highlights from the 20-year tenure of Patch Tuesdays under present the continuing evolution of this crucial, well-established follow:
2003–2007
- Patch Tuesday updates start. They introduce supporting patch administration processes, together with Windows Update and Microsoft Update providers.
- Windows Vista and later Windows 7 are launched. Both incorporate enhanced safety features, User Account Control (UAC), Windows Defender and improved firewall capabilities.
2008–2012
- New out-of-band (OOB) updates tackle imminent threats just like the Conficker worm vulnerability.
- Security Development Lifecycle enlargement supplies a strong set of greatest practices and pointers for growing safe software program.
- New instruments assist organizations deploy and assess the standing of safety updates. These embrace Windows Server Update Services (WSUS) and the Microsoft Baseline Security Analyzer (MBSA).
- Windows 8 options enhance safety measures. We welcome Secure Boot, Windows Defender enhancements and additional developments in User Account Control (UAC).
2013–2017
- Windows 10 is launched. It represents a basic shift in the direction of a “Windows as a service” mannequin. It’s accompanied by the inaugural launch of the Windows replace historical past pages, extra generally often known as launch notes.
- New safety enhancements intention to offer stronger safety in opposition to malware, unauthorized entry and credential theft. Device Guard, Credential Guard and Windows Hello are developed and launched.
- Windows Update for Business goes stay. It permits organizations extra management over when and easy methods to deploy Windows updates.
- The high quality and reliability of safety updates proceed to be the main target of the dialog. “In each new monthly quality update, we add another layer of security, one that tracks emerging and changing trends in malware and viruses” (John Cable, September 20, 2017).
- We take proactive steps to bolster transparency and align with General Data Protection Regulations (GDPR). Organizations acquire the boldness they should maintain gadgets updated.
2018–Present
- An industry-wide collaboration begins round proactively patching firmware. It follows a public disclosure of Spectre & Meltdown {hardware} vulnerabilities. Monthly high quality updates function a device to develop microcode updates to gadgets.
- The use of machine studying optimizes Windows replace experiences as proactive measures throughout Windows updates proceed. AI turns into a device to serve Windows 10 characteristic updates.
- Rigor and transparency develop: “The scale and diversity of the Windows ecosystem requires us to take a data-driven approach to quality and to leverage automation for testing, validation and distribution” (Mike Fortin, former CVP, December 10, 2018). The dialogue of high quality validation efforts by way of Patch Tuesday consists of the Pre-release Validation Program (PVP), Depth Test Passes (DTP), Monthly Test Passes (MTP), the Windows Insider Program (WIP) and the Security Update Validation Program (SUVP).
- Windows launch well being dashboard gives everybody a single pane of glass to view recognized points throughout characteristic and month-to-month high quality updates.
- In response to 2020’s COVID-19 rising pandemic, distant work-related instruments obtain better focus. We tackle vulnerabilities in Remote Desktop Services and Microsoft Teams, in addition to lengthen End of Support for sure energetic variations of Windows.
- Known Issue Rollbacks (KIRs) assist gadgets shortly return to a productive state if inadvertently impacted by an replace situation.
Though there are extra highlights and lowlights alongside that journey, Microsoft stays dedicated to our mission. Our investments assist each particular person and group all over the world to attain extra, whereas staying protected and productive with Windows.
Our principle-based Patch Tuesday evolution
The notions of safety and productiveness have developed as drastically because the world of know-how. As Brad Smith not too long ago shared in his Nov. 2 weblog put up A brand new world of safety: Microsoft’s Secure Future Initiative, these efforts are solely intensifying. This means nice challenges and alternatives for Microsoft’s imaginative and prescient to align on empowering everybody to attain extra by way of its merchandise, together with Windows.
Windows is a crucial device and extra essential than ever to how of us work and play. We will proceed to concentrate on evolving the replace expertise. Specifically, we’ve raised the standard of studying, adapting and serving our more and more various buyer base all over the world, adhering to 4 rules for the month-to-month Windows servicing course of:
- Predictability: The Windows month-to-month launch cadence ought to align predictably to the second Tuesday of each month.
- Simplicity: Everyone ought to be capable of handle to a easy, common and constant patching expertise. Doesn’t matter if you happen to’re a person Windows person or an IT supervisor overseeing your group. You shouldn’t have to cease what you’re doing to scrupulously take a look at an replace earlier than deploying it.
- Agility: In as we speak’s computing panorama, safety threats demand fast responses. We should present all Windows customers with updates shortly with out compromising high quality or compatibility.
- Transparency: To simplify the replace course of for people and for companies massive and small, everybody ought to have entry to as a lot info as they want. You ought to be capable of perceive updates prematurely. This consists of complete but clear launch notes, guides for widespread servicing instruments, entry to help and a suggestions system.
Releasing month-to-month Windows updates of the very best high quality stays crucial. Our dedication to enhancing and evolving Windows patch high quality informs efforts and dedication in the direction of fast detection of points, speedy mitigations, clear and prescriptive communications, and continued studying and enhancements. With new hotpatching applied sciences proving themselves throughout Azure Fleet and Windows Server Azure Edition, the longer term for patching is vivid as we proceed to pursue quick, dependable, safe updates for the very best replace expertise. We’re additionally investing in new AI know-how and expertise, in addition to in management and cross-team partnerships, to make sure that we are able to maintain you protected and productive for the following 20 years of Windows.