Patch Tuesday Best Practice

Learn how to identify and manage Patch Tuesday CVEs using the Vulcan Platform

Updated over a week ago

Target Audience

Vulnerability Manager

Feature Availability

Contact your CSM at Vulcan to enable this feature.


What is Patch Tuesday?

"Patch Tuesday" refers to the second Tuesday of each month when Microsoft releases security updates for its software products, addressing vulnerabilities and security issues in operating systems and other software like Windows, Office, and Internet Explorer.

What's the rationale behind this best practice?

Patch Tuesday is a crucial event for vulnerability managers as it ensures the security and stability of systems. By reviewing and applying these updates, organizations protect against potential threats, including malware and exploitation by hackers. This practice is part of the broader strategy of keeping software up-to-date to minimize security risks.

Tracking Patch Tuesday CVEs monthly is crucial for two main security reasons:

  1. Maintaining Security: Regular updates are essential for strong security, preventing exploitation by hackers targeting out-of-date systems.

  2. Fixing Bugs: Patches not only address security issues but also fix bugs, ensuring the efficient operation of systems and software.

What should you consider before updating?

While updating on Patch Tuesday is recommended, there are some risk factors to consider:

  1. Testing Updates: Test updates on a development machine before rolling them out to all machines to identify and address potential bugs.

  2. Reviewing Each Update: Carefully review each update, assessing the relevant risks. Prioritize critical security patches for fundamental parts of your infrastructure.

What's the goal of this best practice?

The goal is to efficiently manage and remediate vulnerabilities identified on Patch Tuesday to enhance your organization's security posture. This best practice aims to streamline the identification and remediation process of Patch Tuesday CVEs.

Best Practice Workflows

Identify and remediate Patch-Tuesday CVEs through the Vulcan Platform

Once the Vulcan Platform completes its sync with the scanners, which usually happens daily, it updates the vulnerabilities and CVEs with the latest findings. In the case of Patch Tuesday, the platform automatically identifies patch-ready CVEs and tag them with a "Patch Tuesday" Vulnerability tag.

Note: To enable the automatic Patch-Tuesday Vulnerability Tag feature, contact your CSM at Vulcan.

To find Patch-Tuesday CVEs using the Vulcan Platform:

  1. Go to Vulnerabilities > Vulnerable tab.

  2. Use the filter/search bar and filter by Vuln. Tag > Patch Tuesday.

  3. Select the relevant month to review the related CVEs.

  4. In the example below, we selected Oct 2023 Patch Tuesday and received 331 CVEs.

  5. Review the findings and the details of the vulnerabilities if relevant.

NOTE: The filters and parameters used in this best practice represent the most basic and widely utilized criteria used by Vulnerability Managers. It's important to note that these filters serve as a starting point, and you can expand and tailor them to your specific needs. Feel free to add more filters to refine your focus further and prioritize what matters most to your organization. Learn more about the available filters and parameters in Vulcan's Magic Search.

Monitor Patch Tuesday monthly remediation campaigns through the Vulcan Platform

Vulnerability Managers track and monitor Patch Tuesday CVEs every month. As a best practice, they create monthly remediation campaigns to contain all the patchable CVEs released on Patch Tuesday of that month.

The Vulcan Campaign feature and capabilities allow Vulnerability Managers to easily track and monitor the campaign's progress.

Example of Patch Tuesday campaigns:

Did this answer your question?