I wish I had more time to watch action flicks. You just learn so much. In “Commando,” Schwarzenegger taught me how to take on an island of bad guys, kill them all and get the girl. In “Rambo,” Stallone taught me not to mess with silent guys that carry big knives. And in “Heat,” De Niro taught me how to rob a bank.
First, you need to do a significant amount of reconnaissance on the target. You need to know when the money comes and goes. You also better be sure about the number of folks they have protecting the money. We need to know how quickly the authorities are going to respond and make sure our getaway plan is solid.
By doing the right amount of homework and being careful, you can get the money and ride off into the sunset. Or not, if Al Pacino comes out of the darkness and guns you down. So what does that have to do with Microsoft’s patching process? I want to thank George Ou for making this as clear as day. For the last two months, robbers have hijacked the patching process.
Do you think it’s a coincidence that major Microsoft Office vulnerabilities with exploit code have appeared within a day of Patch Tuesday? I don’t, and it’s not just my active imagination going wild. In my business, you see something once, it’s interesting. See it again, and you get suspicious. Three times, and it’s a trend. We’re two-thirds of the way to something big.
If a bunch of malcontents have decided to game the patching system, that means they have pretty much a full month to do damage. That is, unless Microsoft decides to do an off-cycle patch, which happens only once or twice a year. So are we just expected to hold the bag for a month, or do we need to start embracing 3rd-party patching (3PP) solutions?
I believe this gaming of the patch process will create a market for 3rd-party patches. I didn’t think so at first, but I don’t think Microsoft can act fast enough to respond. Some of the 3PPs will have hair and cause more damage, but most will be fine. Microsoft will grind their collective teeth, but eventually stop decrying the evils of 3PP. Why? Microsoft now finds itself between a rock and a hard place.
One option is to not tell customers when the monthly patch is coming. It’s hard to game without that reconnaissance. But that won’t work. It creates too much turmoil for customers, who have to manage onerous change-management processes. If they don’t know a patch is coming, they may miss it, and the impact would be severe. I’ve learned the hard way that customers hate surprises, so having a structured time frame and process to fix things monthly is a good thing.