Patch Tuesday and Exploit Wednesday

As you know Microsoft released over half a dozen security bulletins and related patches yesterday. Many of the problems probably affect your systems.

The day Microsoft releases patches -- second Tuesday of each month -- has come be known as Patch Tuesday. It's clear that typically within 24 hours exploits are released that take advantage of the recently problems problems, well before people have time to download, test, and roll out the necessary patches. So calling the second Wednesday of each month Exploit Wednesday seems appropriate.

Testing patches is important. While Microsoft certainly tests patches there's no way they can possibly test a patch in every possible type of configuration and network environment. So almost invariably there are problems that appear after major patches are released to the general public.

How do you guard against the possibility of problems and what's the patch process like in your company? Do you maintain a test environment where you can thoroughly test patches before a roll out? Do you test patches with production machines instead and roll back using backups if problems arise? Do you use a third party service provider to handle your patch requirements?