Get Your Patch Tuesday Vulnerabilities Patched on Tuesday
Last updated on: November 16, 2022
Every IT person is familiar with Patch Tuesdays. It’s the time of the month where IT needs to put their daily work aside and prepare for patching their entire IT environment.
However, for many organizations Patch Tuesday is not a single event that occurs as an isolated point in time. It typically weeks – sometimes months – after Patch Tuesday and can take an extended timeframe to get the assets updated. There are many reasons why timeframes are protracted, the most common being the time it takes IT to research all new patches and create all the necessary processes to test and deploy them to production across the organization.
The above further illustrates the need to address vulnerabilities released as part of Patch Tuesday sooner rather than later.
What if you could patch on Patch Tuesday?
As Patch Tuesday is a recurring and predictable event, this means that automation can play a key role in simplifying the process but more importantly saves time for the IT team by ensuring patches can be deployed faster and with less IT work involved.
Qualys Patch Tuesday zero-touch, automation allows IT to create automated patch jobs that will automate the testing and deployment of new patches released in patch Tuesday – on Tuesday.
Once the automation policy is created, the task becomes “Zero Touch” – i.e. IT and security teams do not need to invest more time in testing and deploying patches released on Patch Tuesday. Leveraging the power of automation, customers can test and deploy new patches as soon as they are released.
Expand Patch Tuesday to This Month in Vulnerabilities and Patches
Organizations invest time in patching to fix vulnerabilities in their environment. As such, organizations find it beneficial to leverage Patch Tuesday as a triggering event to deploy not only Microsoft patches but also to patch other key vulnerabilities released in the month since the last Patch Tuesday.
With every Patch Tuesday, the Qualys research team is analyzing all the Microsoft newly released vulnerabilities but also the past month’s vulnerabilities from all other vendors. Based on its analysis the research team identifies the key, most critical vulnerabilities released in the last month and shares this information with our customers.
Qualys customers can leverage those insights and either manually or automatically create patch jobs to fix not only the latest Microsoft Patch Tuesday vulnerabilities but also the key vulnerabilities identified by the research team on many 3rd-party applications. Qualys Cloud agent’s ability to deploy patches to any device, anywhere, regardless of its location, without the need to package or prepare the patches allows customers to respond to all vulnerabilities released on and before Patch Tuesday on Tuesday, and not extend this effort over a protracted period. Adding all those patches to the same “patch job” ensures end users and servers do not need to be rebooted multiple times, improving the uptime of critical servers as well as the “well-being” of the end users.
Join our monthly, “This Month in Vulnerabilities and Patches” webinar to learn from our lead researchers about last month’s vulnerabilities including this month’s latest Patch Tuesday ones.
It would help if Qualys would actually describe HOW to set this up. These blogs are not just read by potential customers, also by existing ones and some might need a little push on where to do this.
You can create a patch job, in the select patches step select “automated” and use a QQL (for example vendor:Microsoft). In the schedule deployment step select “Recurring Job” -> Repeats Monthly -> Patch Tue. Hope this helps.