Microsoft Stock Price Routinely Dinged by Security Patches
Microsoft's stock price suffers more than usual on days that it ships software updates to plug security holes, new research suggests.
With few exceptions, Redmond issues security updates on the second Tuesday of each month. Microsoft implemented what's known as "Patch Tuesday" several years ago in order to give companies more time to plan for testing and rolling out the updates. It also began disclosing each Thursday prior how many security problems customers could expect to have to deal with on Patch Tuesday.
Microsoft did all this in the name of increasing the predictability of its patching process. But according to researchers at McAfee Avert Labs, the other predictable part of Patch Tuesday and Advance Notification Thursday is that Microsoft's stock price almost always sinks on those days relative to other trading days.
On average, Patch Tuesday saw Microsoft's stock price fall -0.11 percent in 2006, -0.29 percent last year, and -0.45 percent so far in 2008.
Compare that to the fate of Microsoft's stock on an average day in:
2006: +0.08 percent
2007: +0.06 percent
2008: -0.17 percent
Or consider trading on any other Tuesday:
2006: -.03 percent
2007: +.05 percent
2008: +.16 percent
These trends are even more noticeable when you examine the graphs showing the effect of Patch Tuesdays when measured from the trading day's opening bell both to the intraday low and intraday high for Microsoft's stock.
Interestingly, McAfee found Microsoft's stock nearly always rebounded the day after Patch Tuesday. "This is probably because institutional investors or market makers feel Microsoft was oversold the day before because of the bad news and that, in reality, Microsoft's value as an investment was only negligibly affected," wrote McAfee researcher Anthony Bettini.
Given this trend, one might expect traders would have figured it out by now and made a buck off of it. However, the researchers found that the average volume of trading on Microsoft's stock was significantly lower on Patch Tuesday and Advance Notification Thursday.
Still, it may be that some investors have figured out the trend and are short selling Microsoft stock on Patch Tuesdays -- a type of trading where investors essentially bet that a company's stock will sink on any given day.
The report did not examine whether the share price dip was deepened by Patch Tuesdays that addressed a greater number of flaws and/or more dangerous security holes. That would be an interesting topic for further research.
Bettini said he and other researchers soon would be looking at other tech giants like Oracle to see if patch days have an impact on their share prices. It's too bad Oracle only releases patches four times each year, as that's not a lot of comparative data.
I would also love to see research in the other direction: Namely, whether the publication of instructions on exploiting a critical, unpatched flaw in widely used software has shown any historical and consistent impact on affected vendors' share prices.
At any rate, if volume of patches is any indicator, tomorrow's Patch Tuesday should be an especially fun one for Microsoft investors: Redmond said last week that it plans to issue at least 11 bulletins on Tuesday. It's impossible to say how many individual security flaws will be addressed by these bulletins, as each can fix multiple security holes. As usual, Security Fix will have the lowdown on those patches shortly after they're released.
October 13, 2008; 8:21 AM ET
Categories: From the Bunker , New Patches
Save & Share: Previous: Phishers, Virus Writers Exploit Global Financial Crisis
Next: Security Software Suites No Match for Custom Attacks
Posted by: William | October 13, 2008 9:02 AM | Report abuse
Posted by: Bob | October 13, 2008 10:32 AM | Report abuse
Posted by: No Monay In Tha Bank | October 13, 2008 11:36 AM | Report abuse
Posted by: Bk | October 13, 2008 11:47 AM | Report abuse
Posted by: Ugh | October 13, 2008 1:55 PM | Report abuse
Posted by: Blair | October 14, 2008 9:30 AM | Report abuse
Posted by: jfc1 | October 14, 2008 7:52 PM | Report abuse
Posted by: Pete from Arlington | October 15, 2008 10:47 AM | Report abuse
Posted by: Kfritz | October 16, 2008 9:25 AM | Report abuse
Posted by: Kfritz | October 16, 2008 9:43 AM | Report abuse
Posted by: Richard Bejtlich | October 16, 2008 10:42 PM | Report abuse
The comments to this entry are closed.