Re: reason for Patch Tuesday
The discussion on security by obscurity is always fun, but in this case a red herring.
This is not a case of it. This is the way that Microsoft is balancing the risks.
Risk 1
Malicious person independently discovers the flaw and exploits it between the time it is fixed and the time the fix is published.
Risk 2
Malicious person looks at the patches and, noting what has been changed to fix the flaw, is able to design an exploit to take advantage of those who haven't bothered to apply the fix.
Risk 1 is reduced by patching quickly but, by definition, unpredictably. It is increased the longer the patch is withheld.
Risk 2 is reduced by patching predictably, which by definition means you are delaying the publishing. A nice side effect is that it creates a reference point for how out of date a system's patching is, which creates pressure to get it done at least sometime within the month.
For mine, the risk minimisation strategy Microsoft are using here is about right.