Early this month, Microsoft announced Windows Autopatch, a new methodology for distributing Windows 10/11 patches at any time, not just on Patch Tuesday. This has caused some in the internet pundit-sphere to breathlessly claim that Patch Tuesday is dead.

Rumors of the death of Patch Tuesday are premature…

Windows Autopatch will be available in July, so let’s look at the facts as we know them:

  • The optional service is only for Windows 10/11 and Office 365 software. No server OSes, third-party apps or .NET Framework components.
  • It requires an E3 license or better.
  • Devices are required to be managed by Intune or under co-management with Intune and SCCM.
  • Azure AD is also required.
  • It employs an interesting algorithm where patches can be phased into 1% of devices, then 10%, then 90%.

The advantage of this new method is that overstretched IT organizations could get critical patches out to remote workers sooner with less effort. While this may improve the security posture of some organizations, it’s uncertain whether most enterprise customers will adopt this capability: they generally do not roll out patches without testing cycles or timing controls, and they are averse to making end users endure multiple reboots (often the case with Microsoft patches). Many organizations schedule patches in line with strict maintenance windows, so consuming patches as they’re released simply wouldn’t work.

Microsoft introduced Patch Tuesday in October 2003 for a reason: to stop driving customers crazy with constant security updates, sometimes happening twice a day. Is this going back in time 20 years? Time will tell. In the meantime, HCL BigFix has long been used by enterprises to safely deploy patches in many ways:

  • BigFix Patch policies can replicate the 1-10-90 algorithm while adding change control.
  • BigFix can do it for all of your operating systems, not just Windows 10/11 and Office 365.
  • We also patch hundreds of third-party apps.

Our take: Patch Tuesday is not going away. Not for servers and not for enterprises who need to ensure endpoints remain productive and secure.

The HCL BigFix team will continue to stay abreast of the changes as they are announced by Microsoft as well as customer feedback on this new development. We expect that the power and flexibility of BigFix’s intelligent automation can leverage Windows Autopatch in new and productive ways. Only time will tell.

To learn more about BigFix, contact us or your BigFix Technical Advisor.
