Rob Brown, Director of Services at Verismic and Patch Management expert, discusses the potential impact Microsoft’s announcement will have on IT Managers and System Administrators.
At the Ignite conference a few weeks ago, Microsoft announced that it would be doing away with Patch Tuesday for Windows 10. Of course, it is not getting rid of patch updates altogether, but it will be moving to continuous 24/7 updates in place of the monthly update cycle it currently has. Since the announcement, there have been a lot of comments from IT professionals discussing the potential pros and cons of moving to a continuous update cycle. I personally think it’s absolutely a great thing for end users and consumers but, for IT managers, it’s the worst thing.
Traditionally, you pool a collection of patches into a baseline and roll that baseline out once a month following Patch Tuesday, prioritizing patches by CVSS and severity ratings. These baselines can take weeks to compile because of the testing needed before rollout, so if Microsoft begins releasing patches on an ad-hoc basis, IT teams will have to continually re-run baselines throughout the month.
Some businesses won’t be in a position to run multiple baselines per month to remain up to date and will have to wait until the next scheduled patching cycle – patching multiple times per month means downtime. However, Microsoft isn’t forcing businesses to use this model, and update cycles can remain a monthly process.
The problem here is that once Microsoft issues a patch, it lets the whole world know that a vulnerability exists within a particular product. We already know that exploits targeting vulnerabilities go up after each Patch Tuesday, as hackers look to exploit weaknesses in Microsoft’s products. This will only be exacerbated by a continuous update cycle.
However, on the plus side, with fewer patches to roll out at any one time, there’s a smaller chance of encountering compatibility issues with a patch. Patch baselines will be smaller, so testing and rollout will be faster and more controlled, which will improve change management success. On top of this, the impact on the network will be reduced, as baseline file sizes will be much smaller.
Of course, there’s no need to worry just yet – Windows 10 is yet to be released, so it remains to be seen how successful continuous patch updates will be.
Look out for further updates and handy tips on Patch Management from Rob Brown or Patch Management Services information at http://verismicblog.com/