Engineering Security Updates for More Than a Billion Systems Worldwide

With more than a billion systems using its products and services worldwide, Microsoft understands customers’ expectations for a safer, more trusted computing experience.

While the company continues to develop more secure and privacy-enhanced software and services, we realize customers will continue to be at risk from online attacks, threats and cybercrime. That is why Microsoft is committed to protecting customers with high quality security updates that address software vulnerabilities, while minimizing disruption.

Achieving this goal requires a significant amount of analysis, planning and testing to help ensure that the final security update meets strict quality standards and will not interfere with software operation.

High Quality Security Updates

Microsoft provides support for business and developer products for 10 years after product release, and consumer, hardware, and multimedia products for five years after product release. Implied in this support commitment is Microsoft’s assurance that security updates work with products that are supported at the time the security update is released. 

Accomplishing such an engineering feat requires extensive testing that can involve numerous product versions in many languages, as well their service packs. Additionally, we conduct application compatibility testing involving thousands of the world’s most popular third-party software products.

To illustrate this complexity, the figure below shows a test matrix for a single security update for the Windows operating system.

This single update requires more than 500 different product tests for different versions of the Windows operating system. Factor in common Microsoft and third-party applications, and the test matrix expands dramatically.

Microsoft typically includes up to 3,000 of the most commonly deployed applications in these test matrices to help minimize disruption to customers.

Click on the image above to enlarge. Click the large image to close.

Another way Microsoft helps minimize disruptions to customers and businesses is by combining updates to address multiple issues where possible. This action is driven by customer feedback because it reduces the number of updates that are required for deployment.

It is impossible to completely prevent the introduction of vulnerabilities during software development. This is why such a rigorous process is undertaken to provide high quality security updates that customers can confidently deploy. 

Microsoft remains committed to helping protect customers from online criminals seeking to take advantage of them, in addition to minimizing disruption to their computing experience and business operations. For more information download Software Vulnerability Management at Microsoft.