Before I get into what Managed Patch Updates are I should first discuss Patch Updates.

Every program has bugs (yeah, there’s something you didn’t know!).  The more complex the program, the more bugs it will have. While some of these bugs are merely annoying, some are dangerous. These dangerous bugs are referred to as vulnerabilities, since they make your computer vulnerable to hackers. When hackers find vulnerabilities they write software to exploit them. These exploits can allow hackers to take control of your computer, watch what you’re doing or steal data. As software companies find these vulnerabilities they release updates to fix them. These are known as patches.

Microsoft Windows is a massively complicated program. As such, it has a massive amount of vulnerabilities. New ones are identified every month. To keep Windows computers safer, Microsoft provides software that automatically downloads and installs patches as they become available. Windows Update software downloads and installs all patches for Windows as well as some other Microsoft software products. Other vendors followed suit by providing their own software for automatically downloading patches.

Like all automation tools, these are not without their own problems. First, there’s the possibility that it will stop working. It is software and subject to the same gremlins that make your other software misbehave. It’s very common for Windows Update to fail to apply a particular patch—usually because of a conflict with another patch or other software on your computer. Since patches often have to be installed in a particular order, once one fails, all following patches will fail.  You can go months without getting necessary security patches and not know it.

Patches have also been known to sometimes cause more problems than they fix, such as this patch that caused a Blue Screen of Death. If the patch conflicts with other software the result can cause a computer to lock up completely. It’s impossible for Microsoft—or anyone—to test their patches with every possible combination of every software available. So what many IT people prefer to do is wait to see if any problems are reported before installing a new patch. If there are no complaints in the first week after release, chances are it’s safe.

One final issue with automated patching is the number of programs required. Since each software company provides their own updater, you may end up with more than just a few of these programs running continuously. Although they are usually fairly small and don’t do much while they’re idle, combined they can be taking a good chunk of your memory (RAM). This can slow down your computer.