Microsoft's Patch Tuesday unloads 12 bulletins with patches for at least 20 vulnerabilities (6 critical), and it's likely there are still holes left unplugged.
"There are fixes for gaping holes in the Microsoft Office desktop productivity suite but it is not immediately clear if all the flaws exploited in the recent zero-day attacks are covered."
There has to be a better way. To its credit, Microsoft has institutionalized the patch process and made it more predictable for IT managers. The problem: Microsoft will never catch up.
Here's a headline you'll never see:
Microsoft releases 25 patches, plugs all known security holes
Perhaps Microsoft should go twice a month; that way it can make patch day more digestible. Of course, the downside to this is that technology managers are in a never-ending state of patch testing--install a patch, break an app, fix and repeat.
It's unclear whether a more rapid-fire patch schedule would make Microsoft more responsive--it has been slow on the Office zero-day exploits--but it's an option worth consideration.
Others have noted that Microsoft should patch less--say quarterly. The issue: Microsoft may be less responsive and only focus on emergency patches. While that could be easier on a patch-weary IT manager, there's a lot of room for interpretation. Your emergency may not be Microsoft's.
Assuming that Microsoft patches are here to stay, a little dialogue on patching frequency may be in order. I don't have the answers, but would love to hear some suggestions. I'm just not sold on this current patch day schedule given the bull's-eye on Microsoft's back.