It has been estimated that the imminent Patch Tuesday event which will consist of 12 patches dealing with 22 vulnerabilities, including that long awaited Internet Explorer fix, will kick start something in the region of 900 million system reboots during the coming week. Call me sad (mmmmmphhhhhh. Ed) but ever since this figure was suggested to me, I have been singing a revised version of the John Shuttleworth ‘nerd pop’ classic, 500 Bus Stops: “One billion reboots”.

Surely it is not going to be long until the one billion reboot update is a reality, and IT departments around the world feel the strain with services wobbling and applications falling over for those businesses who are not best prepared. Don’t think that I’m pulling the threat out of my hat like a magician’s rabbit either, we’ve been here before. Who recalls a large Microsoft patch (albeit nowhere near the 900 million reboots mark that is expected this week) back in 2007 which knocked over plenty of applications? I seem to recall Skype was a high profile casualty back then.

Alan Bentley, a Senior VP at Lumension and the man who brought my attention to that monster reboot estimate, reckons that “900 million people will be having to patch and reboot their system” and warns that “it can’t be emphasised enough that this will be a massive simultaneous reboot and historically, we’ve seen services greatly impacted with such an undertaking”.

Of course, Patch Tuesday is not exactly a surprise occurrence and every IT admin worth his or her salt knows what to expect. Unfortunately, it seems that there are plenty who are not worth the proverbial sodium chloride in question when it comes to patching, full stop. Let’s face it, if patching was taken truly seriously then Conficker would have just been a quickly forgotten blip albeit one with a slightly rude sounding name. All that was needed to stop Conficker in its tracks, and my nerdiness is showing now as I can recall this off the top of my head, was the installation of the MS08-067 patch which Microsoft had released in October of 2008.

Which brings me to the point of this little rant: if more people were to consider patch management as a security issue rather than a systems maintenance one, there would be a lot less problems out there. And if patch management were taken truly seriously by all concerned then one billion reboots would not be a scary statistic at all.

I am, naturally enough, well aware that testing rears its head when talking about updating business critical systems and applications. But it’s really not rocket science to grasp the importance of getting critical patches applied in the shortest possible time scale, even if that means prioritising the testing process.