The Aftermath of Patch Tuesday
As any IT professional likely knows, Microsoft releases its security patches on the second Tuesday of every month. Known as Patch Tuesday, the occasion sends IT admins scrambling to deploy these patches before hackers can launch attacks against the newly announced vulnerabilities.
Patch Tuesday is particularly huge at Shavlik, a patch management vendor, as its customers use its products and services to help ease the burden of Patch Tuesday.
"Basically, [on] Patch Tuesday, my team runs about 24 to 36 hours straight going as fast as they can to get this stuff out there," said Jason Miller, senior data team leader for Shavlik Technologies. He added that these sleep-deprived sessions are fueled by a great deal of junk food and caffeine.
"At noon Central time, Microsoft officially releases the patches. We start a marathon and a sprint at that point – getting all this information, trying to figure out which ones are the biggest and baddest and making sure we get those done as soon as possible, and then have a team come in to test all this and look at these patches. We're also getting feedback to Microsoft if we're not seeing any of this working correctly." The team stays on task until it can release this data to its customers, no matter how long it takes.
A big part of the challenge here is that not much is known about the patches prior to release. Only a small preview is provided ahead of time.
"The Thursday before Patch Tuesday, Microsoft will give an advance notification to give you a little bit of a heads up," Miller said. "[It's] not the details, but how big it is going to be and some of the products that might be affected on your network. So it's preparing yourself mentally and also preparing your network knowing that Patch Tuesday's coming up; you're going to have a new batch of patches that you're going to have to prepare for. I use the analogy of Christmas; you go under the Christmas tree and know how many presents you're getting, but you don't know what's in there."
According to Miller, October's Patch Tuesday was the largest in recent memory, perhaps the largest ever. "It was just brutal," he said. "A lot of admins are probably still trying to catch up on their sleep."
The reason it was so large is still somewhat of a mystery. "There's really no explanation of why there were so many; there [were] just that many vulnerabilities that Microsoft had passed," he said. "You're talking 13 bulletins; a bulletin is like a table of contents – [it] contains many patches. So if it's a patch for an operating system, it's a patch for Windows 2000, XP, through the multiples. Last month we were in the hundreds of different patches and scenarios that could happen in there."
Miller speculated that one reason for the high number of patches last month could be the high number of Microsoft products on the market right now, particularly with the recent introduction of Windows 7.
By contrast, November's Patch Tuesday was a "breather" for IT pros. "But it doesn't mean to let your guard down," Miller said "There were only six this month, but there were some big ones out there that they're going to need to pay attention to. There [are] a couple bulletins on there that you need to install pretty much immediately."
The reason for urgency is that some of the vulnerabilities being patched were disclosed by white hats not only to Microsoft but also publicly.
"You're going to see active exploits on Web sites coming up here," Miller said. "You're going to see hackers trying to take advantage of run-patch systems that haven't needed to hit a patching window or they're not patched. With patching, it's a race against time."