Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Ivanti: How Microsoft's Patch Tuesday Transformed Security Updates

Ivanti
07/03/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


I think there's a couple of things that those of you who have been in the patch management space for a while might remember. Eric, back in the day, was often referred to as Mr. Patch. If you would have emailed secure at Microsoft.com, Eric would have been the person responding to that. This is back when, I mean, really patches were just hot fixes that were being created on the fly by Microsoft to fix bugs in the operating system at that point. So, Eric, what was patch management like in the beginning? Well, I'm glad I'm retired now since the patch management problem has been solved, but we can go back and talk about the beginning of Patch Tuesdays. I was at the Microsoft Security Response Center, secure at Microsoft.com. To be most responsive to customers, we wanted to release the patches, the security patches, as quickly as possible. So, as soon as a patch was done and the product team blessed it, we would go ahead and issue the security bulletin with the corresponding patch. That could be on a Friday afternoon. It could have been on a Monday morning. We released one patch years ago. It was an Exchange server patch. Moments after releasing it, a bug was identified in the patch. So, we pulled the patch down after we updated the security bulletin to say we were pulling the patch down. We released the patch a second time that same day and updated the security bulletin. A few hours later, the team identified that there was still a bug inside of that patch. So, they pulled that patch down again and released it a third time that same day. Again, this was in this press to get the patches released as soon as possible. It didn't work out so well in that case because we released it three times in a day. We shortly thereafter moved to a weekly patch process. That was Patch Tuesday. It was every Tuesday. That helped customers because you could then plan when security bulletins and patches would be coming out, would be on Tuesday afternoons. The patches had to be completed some number of days prior to that time where it could then be thoroughly vetted and tested and then released on Tuesday. We found that that cut down on the recurrence of reissuing patches and it brought the quality up. At some point after I left MSRC, that weekly process morphed into a monthly process to the Patch Tuesday that we know today.

TL;DR

  • Early Microsoft patches were released immediately upon completion, sometimes on Friday afternoons or Monday mornings with no predictable schedule.
  • A notorious Exchange server patch was released, pulled, and reissued three times in a single day due to bugs discovered after each release.
  • Microsoft transitioned from ad-hoc releases to weekly Patch Tuesday, then eventually to the monthly cycle used today, dramatically improving patch quality.

Summary

This interview features Eric, a former Microsoft Security Response Center engineer known as 'Mr. Patch,' reflecting on the origins of modern patch management. He recounts the chaotic early days when security patches were released immediately upon completion—sometimes multiple times in a single day due to bugs. A particularly memorable Exchange server patch was pulled and reissued three times within hours, highlighting the risks of prioritizing speed over quality. This experience drove Microsoft to adopt a weekly release cadence, which eventually became the monthly Patch Tuesday cycle still used today. The shift allowed for proper vetting and testing, significantly improving patch quality and giving IT administrators predictable schedules for planning updates. Eric's firsthand account provides valuable historical context for understanding why structured patch release processes became essential to enterprise security operations.

Chapters

0:00 - Introduction and Eric's Legacy
0:51 - Early Patch Release Chaos
1:32 - The Exchange Server Incident
2:14 - Birth of Patch Tuesday

Key Quotes

0:23 "Eric, back in the day, was often referred to as Mr. Patch. If you would have emailed secure at Microsoft.com, Eric would have been the person responding to that."
1:42 "We released the patch a second time that same day and updated the security bulletin. A few hours later, the team identified that there was still a bug inside of that patch."
2:39 "We found that that cut down on the recurrence of reissuing patches and it brought the quality up."

FAQ

Why did Microsoft move from immediate patch releases to Patch Tuesday?

The rush to release patches as quickly as possible led to quality problems, including instances where patches had to be pulled and reissued multiple times in a single day. Moving to a scheduled release cycle allowed time for thorough vetting and testing, which significantly reduced the need to reissue patches and improved overall quality.


Categories:
  • » Webinar Library » Ivanti
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Vulnerability Management
  • Best Practices
  • Interview
  • patch management history
  • Microsoft Security Response Center
  • Patch Tuesday origins
  • security bulletin process
  • hot fix releases
  • patch quality assurance
  • enterprise update scheduling
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Ivanti: How Microsoft's Patch Tuesday Transformed Security Updates

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting an Elite Security Team to Achieve Championship-Level Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-an-elite-security-team-to-achieve-championship-level-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies for Mastering the DPDP Framework
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-mastering-the-dpdp-framework/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting an Elite Security Team to Achieve Championship-Level Defense

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version