Microsoft announced at the recent Ignite conference that the days of monthly patch updates would be scrapped in favour of 24/7 updates, for Windows 10 at least. Since announcing the news, there’s been many arguing the potential pros and cons of moving to a continuous update cycle and for end users. I think this is a great thing but, for IT managers, it’s the worst thing.

Traditionally, you pool a collection of patches into a baseline and roll that baseline out once a month following Patch Tuesday, based on ranking patches by CVSS and severity ratings.  These baselines can take weeks to compile due to testing before roll out, so if Microsoft begins releasing patches on an ad-hoc basis, IT teams will have to continually re-run baselines throughout the month.Some businesses won’t be in a position to run multiple baselines per month to remain up to date and have to wait until the next patching cycle is scheduled – patching multiple times per month means downtime. The problem here is that once Microsoft issues a patch, it lets the whole world know that a vulnerability exists within a particular product. We already know that exploits targeting vulnerabilities go up after each Patch Tuesday, as hackers look to exploit weaknesses in Microsoft’s products. This will be exacerbated by a continuous update cycle.

However, with fewer patches to roll out at any one time, there’s less chance of compatibility issues being encountered with a patch. Patch baselines will be smaller, so testing and roll out will be more controlled and faster, so it will improve change management success. In addition, the impact on the network is reduced, as baseline file sizes will be much smaller.

It remains to be seen how successful continuous patch updates will be, but it will mean IT departments will need to change the way they approach patching.

Read the full article at