Computer programs are complex systems, and they typically have vulnerabilities that are not discovered until after the software is released. These vulnerabilities can be addressed after the initial software is released by distributing and installing an update to the software, which is designed to remedy, or protect against, the vulnerability. Typically, the vulnerability is discovered by the program's manufacturer, support entity, or partner before the vulnerability is generally known to the public.
One problem with an update is that the update can normally be reverse engineered to reveal the existence of the vulnerability that the update is attempting to fix, which can be an invitation to attackers to try to exploit the vulnerability on machines without the fix applied. If updates could be delivered to every machine at the same time, then the fact that the updates reveals the vulnerability would not be a significant problem, since all machines would be protected against the vulnerability at the same time that attackers learned of the vulnerability's existence. However, updates often take the form of large files, and there is not sufficient bandwidth, or other physical resources, to distribute the update to every machine at the same time. Thus, there is a window of time during which the update (and the vulnerability that it both fixes and reveals) is known to the public, but a significant number of machines are unprotected. It is desirable to update programs in such a manner that all, or a large number, of machines are protected very soon after the update is first made known to the public.