Patch Tuesday survives for Windows 10

Patch Tuesday, contrary to expectations earlier this year, survived after Microsoft yesterday delivered security updates not only for the legacy editions of Windows, but also for the new Windows 10.

For now, Patch Tuesday — Microsoft prefers “Update Tuesday” for some reason — lives.

In a large release yesterday, Microsoft issued 14 security updates for Windows PCs, distributed individually to older OSes like Windows 7 and 8.1, and as a six-bulletin bundle for Windows 10.

Patch Tuesday is the marque long applied to the second Tuesday of each month, the date Microsoft delivers its security updates. Patch Tuesday has been part of the Windows landscape since 2003, and will celebrate its 12th anniversary in October.

Questions about Patch Tuesday’s survivability began in May, after Terry Myerson — then the head of Microsoft’s operating system group, but who has added devices to his portfolio — seemed to say that the practice was history. “We’re not going to be delivering all of the updates to all of these consumers on one day of the month,” Myerson said three months ago while talking about changes to Windows Update under Windows 10.

At the time, Microsoft declined to elaborate, or say on what schedule it would distribute security updates for the new OS.

Rather than wait for the next Patch Tuesday to roll around, security professionals thought then, Microsoft would follow in the footsteps of browsers like Google’s Chrome and to a lesser extent, operating systems like Apple’s OS X and iOS, and release fixes as soon as they’re ready.

That, however, generated other questions. If Microsoft shipped-when-ready for Windows 10, would it do the same for older editions? And if not, would that give attackers insights into vulnerabilities that had not yet been quashed on, say, Windows 7?

Two months later, some of those same security experts sang a different tune, saying that they expected Patch Tuesday to continue.

From Microsoft’s approach yesterday — August’s Patch Tuesday — the event has survived.

Yet there remains ambiguity about Microsoft’s intentions. Although the Redmond, Wash. company shipped the six — out of 14 — security updates that applied to Windows 10 yesterday, it had also identified several of the OS’s July updates as security related, or containing security content.

On an up-to-date device running the Insider build of Windows 10, Windows Update showed seven updates from mid-July tagged with the “Security Update for Windows 10” label.

Those updates were limited to Windows 10 only, and were not matched with comparable security updates on Windows 7 or 8.1. (Some of the Windows 10 updates, however, were accompanied by cryptic descriptions that alluded to patches that had been issued to Windows 7 and 8.1 on July 14, that month’s Patch Tuesday.)

Last month, just five days before Windows 10’s production-grade build began reaching some customers, Microsoft again declined to say whether security updates would be offered to all Windows 10 users on the second Tuesday of each month, or issued to all users as the fixes were completed and approved by Microsoft. Instead, a spokesman said, “With Windows 10, we will deliver ongoing innovations and security updates. Frequency and delivery of updates may vary based upon the update.”

But for this month, at least, Patch Tuesday remains very much alive for Windows 10.