Why Microsoft Isn’t Issuing Advance Patch Tuesday Bulletins Any More

Why Microsoft Isn’t Issuing Advance Patch Tuesday Bulletins Any More
Facebook may have decided that you shouldn’t see the news, but we think you deserve to be in the know with Lifehacker Australia’s content. To sign up for our daily newsletter covering the latest news, hacks and reviews, head HERE. For a running feed of all our stories, follow us on Twitter HERE. Or you can bookmark the Lifehacker Australia homepage to visit whenever you need a fix.

On the second (US) Tuesday of each month, Microsoft issues its Patch Tuesday updates. In the past, it has provided advance notification of which products will be affected — but now that’s only going to be available to Premium customers.

Tuesday picture from Shutterstock

Microsoft announced the changed approach in a blog post. Its argument is that most people don’t pay attention anyway. “While some customers still rely on ANS, the vast majority wait for Update Tuesday, or take no action, allowing updates to occur automatically,” the post noted.

There’s an undeniable logic to not providing full details of patches until after they have become available — that reduces the possibility of vulnerabilities being exploited before a fix is available. And the information will still be available once the patches are released (so that’s when we’ll be writing about them). However, given how often people screw up the basics in security, I’m not entirely comfortable with producing less public information about what’s happening. What do you think?


  • I’ve always liked the advance notifications. We run a 24 hour operation and they allow us to plan ahead based on the criticality of the vulnerabilities the updates are patching. Microsoft define something as “critical” when it’s remotely exploitable by an attacker without requirement for user intervention. We need those rolled out sooner rather than later, and by knowing in advance which products are affected, we can identify which business units will be most impacted by reboots.

  • And the other argument: Microsoft has recently had to recall more than one patch because it caused issues for a fair chunk of their user base. This way they get more testing time before they’re locked into releasing the patch.

Show more comments

Comments are closed.

Log in to comment on this story!