14 DAY TRIAL // One of the changes that Microsoft could make once Windows 10 becomes available is not necessarily related to Windows itself, but to the way we receive security updates for software developed by the company and installed on our computers.
Some people said that the new rolling release model supposed to bring us updates when they are available would bring the end for Patch Tuesday, but that won’t be the case. Microsoft has already suggested that Patch Tuesday will live on even after Windows 10 comes out, but there are a lot of things to be clarified on the way security updates will be shipped to users.
To get a better look at all these changes, we turned to Chris Goettl, product manager with Shavlik, who explained that faster security updates would become critical to Microsoft customers after Windows 10 comes out later this summer.
“I believe there are some inevitable changes coming with Windows 10. Microsoft has announced teams moving to quarterly releases for feature releases. This makes sense to reduce development time and increase efficiency for new feature development and general bug fixing. Security updates will carry more urgency and will not always wait for quarterly updates,” he told us.
Most vulnerabilities are exploited in two weeks
Goettl explained that no less than 50 percent of the vulnerabilities found in 2014 were exploited in the first two to four weeks and Microsoft usually fixed these flaws on the second Tuesday of each month. In some cases, when public disclosures are involved, there’s an even bigger risk of getting exploited.
“There will be a need to release security updates in a timely manner. Now consider the fact that companies will still need to keep certain machines to a regular maintenance schedule. This is why there will be a ‘Long term service branch’ which by its description will get a more regular cadence and security updates only for businesses to maintain their maintenance schedules,” Goettl added.
So what’s going to happen once Windows 10 comes out? Is Microsoft ready to give up on Patch Tuesday? Does the rolling release model also concern Patch Tuesday or not? How fast should we expect to get security updates?
The security expert explains that a cadence will continue to exist for Windows 10 users and end of Patch Tuesday is not likely right now.
“I believe we will see a definite change for application updates and new features arriving as released and released to consumers more like mobile device updates. I believe we will continue to see a cadence and level of control for security updates for companies to ensure that business critical applications are secure and functional. I see this more as a decoupling of security from feature\bugfix than an end to Patch Tuesday,” he concluded.
Microsoft hasn’t yet detailed this new rolling release strategy, but expect the company to set things straight on the future of Patch Tuesday in the coming months, as it finalizes work on Windows 10.