Microsoft commemorates the 20th anniversary of the Windows Patch Tuesday event.

[VNZ-EN]

The "Patch Tuesday" event is a monthly routine by Microsoft, where they provide security patches and updates for the Windows operating system and some of their other software. Typically, this event takes place on a specific Monday of each month (usually the first Monday) and has become a significant part of Microsoft's security strategy.
The patches released on Patch Tuesday are designed to fix security vulnerabilities, improve the stability and security of the operating system, and sometimes introduce new features. Patch Tuesday ensures that users can maintain the highest level of safety and stability in their systems through regular updates.

Recently, Microsoft issued a press release commemorating the 20th anniversary of the inception of Patch Tuesday and reflecting on the evolution of this event.

​

In October 2003, Microsoft initiated the Patch Tuesday event. In a blog post, John Cable, Vice President of Project Management and Windows Services and Delivery, summarized the history of providing regular security updates for Windows.

The post describes that the concept of Patch Tuesday originated on January 15, 2002, when Microsoft co-founder Bill Gates sent a memo to all company employees.

In this memo, Gates outlined the Trustworthy Computing initiative to encourage the company to create more secure software and better update methods.

Microsoft divides the development process of Patch Tuesday activities into four phases: 2003-2007, 2008-2012, 2013-2017, and 2018 to the present.

2003–2007​

• Patch Tuesday updates begin. They introduce supporting patch management processes, including Windows Update and Microsoft Update services.
• Windows Vista and later Windows 7 are released. Both incorporate enhanced security features, User Account Control (UAC), Windows Defender and improved firewall capabilities.

2008–2012​

• New out-of-band (OOB) updates address imminent threats like the Conficker worm vulnerability.
• Security Development Lifecycle expansion provides a robust set of best practices and guidelines for developing secure software.
• New tools help organizations deploy and assess the status of security updates. These include Windows Server Update Services (WSUS) and the Microsoft Baseline Security Analyzer (MBSA).
• Windows 8 features improve security measures. We welcome Secure Boot, Windows Defender enhancements and further developments in User Account Control (UAC).

2013–2017​

• Windows 10 is introduced. It represents a fundamental shift towards a “Windows as a service” model. It’s accompanied by the inaugural release of the Windows update history pages, more commonly known as release notes.
• New security enhancements aim to provide stronger protection against malware, unauthorized access and credential theft. Device Guard, Credential Guard and Windows Hello are developed and released.
• Windows Update for Business goes live. It allows organizations more control over when and how to deploy Windows updates.
• The quality and reliability of security updates continue to be the focus of the conversation. “In each new monthly quality update, we add another layer of security, one that tracks emerging and changing trends in malware and viruses” (John Cable, September 20, 2017).
• We take proactive steps to bolster transparency and align with General Data Protection Regulations (GDPR). Organizations gain the confidence they need to keep devices up to date.

2018–Present​

• An industry-wide collaboration begins around proactively patching firmware. It follows a public disclosure of Spectre & Meltdown hardware vulnerabilities. Monthly quality updates serve as a tool to expand microcode updates to devices.
• The use of machine learning optimizes Windows update experiences as proactive measures across Windows updates continue. AI becomes a tool to serve Windows 10 feature updates.
• Rigor and transparency grow: “The scale and diversity of the Windows ecosystem requires us to take a data-driven approach to quality and to leverage automation for testing, validation and distribution” (Mike Fortin, former CVP, December 10, 2018). The discussion of quality validation efforts via Patch Tuesday includes the Pre-release Validation Program (PVP), Depth Test Passes (DTP), Monthly Test Passes (MTP), the Windows Insider Program (WIP) and the Security Update Validation Program (SUVP).
• Windows release health dashboard offers everyone a single pane of glass to view known issues across feature and monthly quality updates.
• In response to 2020’s COVID-19 emerging pandemic, remote work-related tools receive greater focus. We address vulnerabilities in Remote Desktop Services and Microsoft Teams, as well as extend End of Support for certain active versions of Windows.
• Known Issue Rollbacks (KIRs) help devices quickly return to a productive state if inadvertently impacted by an update issue.

• In August 2022, the newly announced safeguard holds with Windows Update for Business deployment service help organizations with rolling out updates.
• That same year, Unified Update Platform (UUP) on premises is available for commercial organizations as a public preview. Integrated with Windows Server Update Services (WSUS) and Configuration Manager, it simplifies quality and feature update deployment. It hits General Availability in 2023.
• Windows Autopatch emerges as a growing part of the Patch Tuesday experience.
• Microsoft launches the Secure Future Initiative across Microsoft to pursue our next generation of cybersecurity protection.

Source : https://blogs.windows.com/windowsex...lecting-on-20-years-of-windows-patch-tuesday/