What Are Windows Updates and Patches and Why
Are They So Important to My IT and Network
By I S McCain
Most of us have noticed the little pop-up box on the task bar of our PC, which states,
rather bluntly, that there are "Updates Available" for our computer. Some will click on
Approve/Install, while others will simply ignore the pop-up indefinitely. But make no mistake:
there is a good reason why your computer tells you that there are updates available.
Windows Update is a Microsoft service that delivers updates for all Microsoft Windows
operating systems that are currently supported (an older OS may not have
active patches being created for it).
On top of Windows Update there is also a service known as Microsoft Update, an
expanded version of the Windows Update service that provides updates and patches not just
for the operating system and Internet Explorer, but also for other Microsoft software running
under Windows, including program suites such as Microsoft Office, Windows Live, and Microsoft
Collectively the management of these various update patches is known as Patch Management.
These updates are important because the software's base reliability, performance and
security always have improvements that need to be addressed. The different updates
include security updates, which address software security vulnerabilities only. There
are also critical updates, which are designed to protect against vulnerabilities to malware,
security exploits and errors which could compromise the stability of the OS or Windows
These security and critical updates are routinely provided on the second Tuesday of each
month, known within the industry as "Patch Tuesday." It is important to note that
applying a patch can itself cause
instability in the system. I have personally witnessed numerous occasions when applying a new
".net" patch or "XP Professional" patch causes the computer system or server to lock up,
requiring a rollback to the previous un-patched version.
Because of this, it is very important that your IT company or in-house IT specialist is aware of
the stability of the patches before applying them and that they apply best practices when
installing new patches to the OS or software, as downtime costs your business time and
money. Typically this would require establishing a pre-installation restore point and evaluating IT
reviews of the patch or known compatibility issues. It is also wise to wait 2-3 weeks (at least in
my experience) before applying the patch. This way any critical issues will often be made known
either through Microsoft or other IT publications.
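The pre-installation checks described above, sketched in PowerShell as an added example that is not part of the original article: it works out the most recent Patch Tuesday, checks whether the waiting period has passed, and only then records recent hotfixes and creates a restore point. The function names and the 14-day value for $DeferralDays are assumptions, and the script assumes an elevated Windows PowerShell 5.1 session on a client OS with System Protection enabled.

```powershell
# Added example, not the article's own code. Function names are hypothetical.
function Get-PatchTuesday {
    param([datetime]$Month = (Get-Date))
    # Patch Tuesday is the second Tuesday: find the first Tuesday, then add 7 days.
    $first  = [datetime]::new($Month.Year, $Month.Month, 1)
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    return $first.AddDays($offset + 7)
}

function Test-PatchWindowOpen {
    param(
        [datetime]$Today = (Get-Date),
        [int]$DeferralDays = 14   # assumption: low end of the 2-3 week wait
    )
    $release = Get-PatchTuesday -Month $Today
    # Before this month's Patch Tuesday, the most recent release is last month's.
    if ($Today.Date -lt $release) {
        $release = Get-PatchTuesday -Month $Today.AddMonths(-1)
    }
    $earliest = $release.AddDays($DeferralDays)
    [pscustomobject]@{
        Released        = $release
        EarliestInstall = $earliest
        Open            = ($Today.Date -ge $earliest)
    }
}

$window = Test-PatchWindowOpen
$window | Format-List

if ($window.Open) {
    # Baseline of what is already installed, useful if a rollback is needed.
    Get-HotFix |
        Sort-Object -Property InstalledOn -Descending |
        Select-Object -First 5 -Property HotFixID, Description, InstalledOn

    # Restore point taken before any patch from this release is applied.
    $label = 'Pre-patch ' + $window.Released.ToString('yyyy-MM')
    Checkpoint-Computer -Description $label -RestorePointType APPLICATION_INSTALL
}
else {
    $date = $window.EarliestInstall.ToString('yyyy-MM-dd')
    Write-Output "Waiting period still running; earliest install date is $date."
}
```

By default Windows creates at most one restore point per 24 hours, so a second run on the same day may not add a new one.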
Many people and small businesses can get into the frame of mind that "if a patch can cause a
system to fail, then why apply any patches at all?" Though this does seem a logical response, it
is important to remember that the software (when originally released) was designed to operate
with the functionality of existing peripherals and features - which can grow and change over
time. And from a security standpoint, the software or OS was designed to combat the currently
existing threat levels and modalities for compromising systems. Over time the tactics used by
hackers and their ilk work to beat the existing system security levels, requiring users to update
and improve their security. Failing to consistently update can therefore create major security
issues and network vulnerabilities that will only compound over time.