For many companies used to problem-free patching, August’s Black Tuesday–the second Tuesday of the month when Microsoft releases its latest security fixes–stands as a reminder that software systems are complex and patching software can lead to problems.
Last week, Microsoft warned that three of the Patch Tuesday software updates–closing four security issues in its Exchange Server, one in the Windows kernel and another in Active Directory–caused problems for some of its customers. Companies that applied patches immediately may have lost the ability to search e-mail, had random crashes on Windows, or found that Active Directory’s federation services stopped working.
Corporate IT departments could become a bit gun-shy and stop applying patches as quickly as possible, says Wolfgang Kandek, chief technology officer for cloud-security firm Qualys.
“Each time this happens, it is really bad for the cause, because we always tell people to patch as quickly as possible, and these things are real setbacks,” he says, noting that Microsoft has spent hundreds of millions of dollars on software security and does extensive regression testing of its updates. “Unfortunately, it happens,” he adds.