Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Microsoft Security

Microsoft Celebrates 20th Anniversary of 'Patch Tuesday' (microsoft.com) 17

This week the Microsoft Security Response Center celebrated the 20th anniversary of Patch Tuesday updates.

In a blog post they call the updates "an initiative that has become a cornerstone of the IT world's approach to cybersecurity." Originating from the Trustworthy Computing memo by Bill Gates in 2002, our unwavering commitment to protecting customers continues to this day and is reflected in Microsoft's Secure Future Initiative announced this month. Each month, we deliver security updates on the second Tuesday, underscoring our pledge to cyber defense. As we commemorate this milestone, it's worth exploring the inception of Patch Tuesday and its evolution through the years, demonstrating our adaptability to new technology and emerging cyber threats...

Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner. Senior leaders of the Microsoft Security Response Center (MSRC) at the time spearheaded the idea of a predictable schedule for patch releases, shifting from a "ship when ready" model to a regular weekly, and eventually, monthly cadence...

This led to a shift from a "ship when ready" model to a regular weekly, and eventually, monthly cadence. In addition to consolidating patch releases into a monthly schedule, we also organized the security update release notes into a consolidated location. Prior to this change, customers had to navigate through various Knowledge Base articles, making it difficult to find the information they needed to secure themselves. Recognizing the need for clarity and convenience, we provided a comprehensive overview of monthly releases. This change was pivotal at a time when not all updates were delivered through Windows Update, and customers needed a reliable source to find essential updates for various products.

Patch Tuesday has also influenced other vendors in the software and hardware spaces, leading to a broader industry-wide practice of synchronized security updates. This collaborative approach, especially with hardware vendors such as AMD and Intel, aims to provide a united front against vulnerabilities, enhancing the overall security posture of our ecosystems. While the volume and complexity of updates have increased, so has the collaboration with the security community. Patch Tuesday has fostered better relationships with security researchers, leading to more responsible vulnerability disclosures and quicker responses to emerging threats...

As the landscape of security threats evolves, so does our strategy, but our core mission of safeguarding our customers remains unchanged.

This discussion has been archived. No new comments can be posted.

Microsoft Celebrates 20th Anniversary of 'Patch Tuesday'

Comments Filter:
  • by Rosco P. Coltrane ( 209368 ) on Sunday November 19, 2023 @04:51PM (#64016853)

    our unwavering commitment to protecting customers continues to this day

    All I see in an unwavering commitment to moving everything on the cloud, making everything subscription-based, puting Microsoft users under heavy surveillance and monetizing their data.

    Some customer protection...

    • Pity they couldnâ(TM)t celebrate but also announcing a new/updated version of WSUS server that would fix some, most or (dreams), all of the bugs and lack of functionality.

      Fix the client to actually work and self repair. A âzpatch nowâoe functionality and reports that might actually give a good overview of the patching status. Or a DB that isnâ(TM)t so brittle that with any more than a tiny amount of clients it regularly need to be maintained by âzDeinstallationâoe, rather that

    • by ls671 ( 1122017 )

      LOL! Also there sure is a lot to celebrate about all those patches! Genius to have a celebration for that, I never heard about such a thing as celebrating patches. Next, celebrate CVE alerts and advisories!

    • by kmoser ( 1469707 )
      You forgot to mention adding useless features that the customer never asked for (such as pushing ads) rather than spending those resources to fix bugs.
  • by CaptainDork ( 3678879 ) on Sunday November 19, 2023 @05:38PM (#64016901)

    I was doing Windows back when Moby Dick was a minnow. Through the years, looking at patch histories revealed a boatload of security patches. It is my opinion that MS-DOS, as a stand-alone OS, had little incentive to be secure and that indoctrination is in the DNA of Windows.

    People across the globe are finding holes in Windows every day and either Microsoft is ignorant of the weaknesses or waits for enough people to bitch before patching.

    It's 20 years of celebrating failures.

    • by AmiMoJo ( 196126 )

      DOS was a single user OS with no security or permission model. Up to Windows ME, consumer Windows were based on that.

      Windows NT was aimed at servers and workstations from the start, and adopted the (somewhat flawed) Unix security model of users and filesystem restrictions. Unfortunately, Windows XP didn't enable a lot of it due to compatibility issues. It wasn't until Windows Vista that things got really serious with security, and apps starting living in sandboxes.

      • Windows NT always had a more fine-grained permissions model than UNIX. Filesystem permissions were always ACL-based (not simple user/group/world), and fine-grained tokens could control access to different resources. The trouble is, it's complex to deal with, so too many programs will just get a token for full local admin access even if they only need access to one thing.

  • "an initiative that has become a cornerstone of the IT world's approach to cybersecurity."

    How about "an initiative that has made anyone who actually has to work with Windows dread Tuesdays"?

  • by thesjaakspoiler ( 4782965 ) on Sunday November 19, 2023 @09:20PM (#64017243)

    We always throw a party every Friday night to celebrate the ever increasing number of support tickets for our products.
    Bigger numbers are always better and just looking at the increase somewhat gives a good feeling just before the weekend.

  • Seriously?

    Celebrating the biggest critical flaw in our computer architecture, that can never produce a secure OS (Rust will help but it cant make a truly secure OS without a significant architectural change).

    Wow. Here I was seeing patch Tuesday as a necessary embarrassment and as an increasingly worrying reminder of how dangerous IT is and where we are going which is even worse.

    I will be drinking the Scotch in the corner while everyone else parties.

  • because Cisco had reserved "Backdoor Monday".

  • Other days it's every other day of the week. We're all still suffering from Satish firing most of his QA team. An example: The Security vulnerabilities in Azure that they're trying to fix now should have been discovered a long time ago.

  • I don't know if Windows Users and most IT Departments would feel the same way (although Windows' need for constant babysitting did keep the Computer Priesthood employed for about 30 years).

  • if you can't code, get drunk and then code.
    celebrate good times

The world will end in 5 minutes. Please log out.

Working...