Microsoft Kills Patch Tuesday for Security’s Purpose

With Windows 10, Microsoft plans to push out patches to users as soon as the fixes are ready, on a real-time, 24×7 basis.

At Microsoft’s Ignite conference, Executive Vice-President Terry Myerson surprised members in the audience with the news that when Windows 10 is released, Patch Tuesday will cease to exist.

Patch Tuesday

Patch Tuesday, or the second Tuesday of each month since 2003, also known as Update Tuesday has been the unofficial term used to refer to when Microsoft regularly releases security patches for its software products.

Rumors of the demise of Patch Tuesday began circulating recently, after Microsoft announced its new update service, Windows Update for Business (WUB).

“We’re not going to be delivering all of the updates to all of these consumers on one day of the month,” Myerson said of changes to Windows Update under Windows 10.

These changes are part of a radical overhaul that Microsoft is fostering when it comes to the company’s software development and release schedule. The software giant also dropped the bombshell announcement that there are no plans to release a new version of Windows every three years, after the release of Windows 10.

Microsoft has continually and for a long time, updated Windows on a regular basis, but in the form of security patches and fixes on the second Tuesday of every month. This will change however, to a real-time basis with consumers having the option to choose the frequency of the updates.

“We’ve seen some people want the software right after it finishes our testing,” Myerson said, citing the Windows 10 preview. “They don’t want to wait a second. And then we have people that are stepping back and saying, ‘Hey, work out some of those kinks, I want to make sure there are no app compatibility issues, I want to make sure there are no functional issues.'”

Some experts aren’t convinced that Microsoft is giving away its scheduled update routine.  What I don’t see is that Patch Tuesday is going away, no one has said that at all,” said Andrew Storms, vice president of security services at New Context, a security consultancy based in San Francisco. Storms clarified this, saying that consumers will, for the most part, see Patch Tuesday disappear. If they paid attention to it to begin with.

“At some point, Microsoft had to step up and release [patches] when they were ready,” said Storms. Storms cited Google’s Chrome as an example of that update model.

“Chrome and Firefox browsers do just fine at enterprises with constant/random updates pushed out,” echoed John Pescatore, director of emerging security trends at the SANS Institute, a company that specializes in information security and cybersecurity training.

With approximately 50 million lines of code, Windows is bound to have a few bugs, some of them certain to affect security. It would be ideal to have Microsoft releases patches and updates for vulnerabilities that are discovered, without consumers having to wait for the Patch Tuesday.