Microsoft Patch Tuesday是一个非官方术语,指的是(Microsoft Patch Tuesday)Microsoft为其产品(包括(Microsoft)Windows和Office )推出更新的那一天。这是微软(Microsoft)自 2003 年以来一直遵循的时间表,就像发条一样。与任何其他软件一样,Windows会暴露自己的一组漏洞,并且微软会在每周(Microsoft)二(Tuesday)为这些漏洞推出修复程序。
微软周二补丁
随着新的安全漏洞和错误的发现,Microsoft开发团队会为其开发修复程序。这些更新作为重要更新在每个月的第二个星期二(Tuesday)(美国时间)发布。我相信您听说过诸如修补程序、零日漏洞修复、漏洞利用等术语。
微软(Microsoft)不断积累这些补丁是有原因的。它可以帮助公司降低分发补丁的成本,并让 IT 管理员知道最有可能随之而来的更新。查看发行说明,他们可以采取相应的行动。如果漏洞严重,发行(Release)说明可能会延迟发布。由于更新是在周二(Tuesday)发布的,它给了 IT 管理员足够的时间,在周末之前,从升级可能导致的任何问题中恢复,并报告回来。
这是我在星期二发现的关于(Tuesday)Patch的一件有趣的事情。许多公司将安全更新与 Microsoft 的每月周期保持一致。如果您注意到某些产品通过Windows Update获取更新,那是因为它与Microsoft Update链接。
周二补丁更新(Patch Tuesday Updates)有多重要?
极其!由于安全修复程序在这些更新中占主导地位,因此您不希望计算机上的数据被勒索软件(Ransomware)或允许远程代码执行的错误破坏。始终确保尽快安装累积更新。即使您已暂停更新,(paused the updates)安全(Security)更新仍然可用,因为它们会对您的计算机构成威胁。
这些更新仅适用于受支持的Windows版本,或者如果您购买了(Windows)Windows 7等过时版本的支持订阅。运行旧版本的Windows或不受支持的Windows 10功能(Feature)更新可能会导致零日攻击。从Windows 10开始,Microsoft已确保它将强制更新任何超过 18 个月的Windows 10版本。(Windows 10)
周二补丁时间表
它通常在每个月的第二个星期二(Tuesday)(美国时间)交付——但众所周知,它们也会在第四个星期二(Tuesday)交付。也就是说,根据您所在的时区,您也可以在周三(Wednesday)看到它。补丁星期二(Tuesday)更新一旦准备好就会提供给普通消费者。企业(Enterprise)会收到有关它的通知。他们可以根据自己的时间表选择何时滚动更新。
Microsoft会在家庭用户准备就绪后立即向其发布安全更新,而企业客户则保持每月更新周期——称为企业(Business)版Windows 更新(Windows Update)。
有时,漏洞报告会公开发布。如果它很重要,Microsoft可能会立即推出安全更新。
Microsoft有一个专门的网页,其中列出了Patch Tuesday Schedule。它可以在这里找到(here)。
利用星期三
大多数情况下,Microsoft 都会(Microsoft)包含其补丁的发行说明。它为攻击者提供了一个明确的想法,让他们了解修复的内容,从而导致Exploit Wednesday。这是一个非官方术语,这些补丁星期二更新(Patch Tuesday Updates)由攻击者进行测试。这有助于利用开发人员立即利用先前未公开的漏洞。因此,如果您跳过周二(Tuesday)的更新,可能会适得其反。
微软的Patch Tuesday能否跟上不断变化的世界?
像利用星期三(Exploit Wednesday)这样的情况和攻击数量的增加带来了一个问题——它能否跟上?它可以继续进行,但更新的质量需要更加精确。如果安全补丁造成问题,它就会成为一把双刃剑。IT 管理员无法升级,并且容易受到安全威胁。
最近的补丁更新之一是2019 年 10 月(October 2019),导致政府货物跟踪系统出现问题。他们必须删除更新才能解决问题。
虽然应尽快部署已报告漏洞的修复程序,但对于Microsoft和Enterprise来说,管理它们成为一个问题。
只有时间才能说明微软如何随着时间的推移而发展,以及我们将在星期二补丁中看到的变化。(Only time will tell how Microsoft evolves with time, and the changes we will see when it comes to Patch Tuesday.)
What is Microsoft Patch Tuesday? Patch Tuesday Schedule
Microsoft Patch Tuesday is an unofficial term for the day when Microsoft rolls out updates to its products including Windows and Office. It’s a schedule that Microsoft has been following since 2003 like clockwork. Like any other software, Windows exposes its own set of vulnerabilities, and Microsoft rolls out fixes for them, every Tuesday.
Microsoft’s Patch Tuesday
As new security vulnerabilities and bugs are discovered, the Microsoft development team develops fixes for them. These updates are released as a significant update every second Tuesday of each month (US time). I am sure you have heard of terms like hotfixes, fix for zero-day vulnerability, exploits and more.
There are reasons why Microsoft keeps cumulating these patches. It helps the company to reduce the cost of distributing patches, and give IT admins an idea that an update will most probably follow. Looking at the release notes, they can act accordingly. Release notes may come out late if the vulnerability is severe. Since the update is released on Tuesday, it gives IT admin enough time, before the weekend, to recover from any problem the upgrade would have caused, and report it back.
Here is an interesting thing which I found about Patch on Tuesday. A lot of companies align security updates with Microsoft’s monthly cycle. If you have noticed some products getting the update through Windows Update then its because it linked with Microsoft Update.
How vital are Patch Tuesday Updates?
Extremely! Since security fixes dominate these updates, you do not want data on your computer to be ruined by a Ransomware or a bug that allows remote code execution. Always ensure that you install the cumulative updates as soon as possible. Security updates become available even if you have paused the updates as they pose a threat to your computer.
These updates are rolled out only for supported versions of Windows or if you have purchased a support subscription for outdated versions like Windows 7. Running an older version of Windows or unsupported Feature update of Windows 10 can result in a Zero-day attack. Starting with Windows 10, Microsoft has made sure that it will force update any version of Windows 10 which is older than 18 months.
Patch Tuesday Schedule
It is usually delivered on every second Tuesday of each month (US time) – but they have been known to be delivered on the fourth Tuesday as well. That said, depending on your time zone, you could see it on Wednesday as well. Patch Tuesday updates are made available to general consumers as soon as they are ready. Enterprise gets notifications about it. They can choose when to roll the update according to their schedule.
Microsoft releases security updates to home users as soon as they are ready, while enterprise customers stay on the monthly update cycle – referred to as Windows Update for Business.
Sometimes the report of vulnerability is released in public. In case it is critical, Microsoft may roll out the security update right away.
Microsoft has a dedicated webpage where it lists the Patch Tuesday Schedule. It is available here.
Exploit Wednesday
Most of the time, Microsoft includes release notes for their patches. It gives a clear idea to attackers on what was fixed, which results in Exploit Wednesday. It is an unofficial term where these Patch Tuesday Updates get tested by attackers. This helps exploit developers to immediately take advantage of the previously undisclosed vulnerability. So if you skip Tuesday updates, it can backfire.
Can Microsoft’s Patch Tuesday keep up with the changing world?
Situations like Exploit Wednesday and an increased number of attacks brings up one question—can it keep up? It can keep going, but the quality of updates needs to be more precise. If a security patch creates a problem, it becomes a double-edged sword. IT admins cannot upgrade, and they are open to a security threat.
One of the recent patch update, October 2019, results in problems for government cargo tracking system. They had to remove the update to resolve the issue.
While releasing a fix for a reported vulnerability should be deployed as soon as possible, it becomes a problem managing them for both Microsoft and Enterprise.
Only time will tell how Microsoft evolves with time, and the changes we will see when it comes to Patch Tuesday.