Security Patch – Publicly released update to fix a known bug/issue
A security patch is a change applied to an asset to correct the weakness described by a vulnerability. This corrective action will prevent successful exploitation and remove or mitigate a threat’s capability to exploit a specific vulnerability in an asset.
Security patches are the primary method of fixing security vulnerabilities in software. Currently Microsoft releases its security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible.
Hotfix – update to fix a very specific issue, not always publicly released
A hotfix is a single, cumulative package that includes one or more files that are used to address a problem in a software product (i.e. a software bug). Typically, hotfixes are made to address a specific customer situation and may not be distributed outside the customer organization.
A hotfix package might contain several encompassed bug fixes, raising the risk of possible regressions. An encompassed bug fix is a software bug fix that is not the main objective of a software patch but rather a side effect of it. Because of this, some libraries for automatic updates, like Stable Update, also offer features to uninstall the applied fixes if necessary.
In a Microsoft Windows context, hotfixes are small patches designed to address specific issues, most commonly freshly discovered security holes. These are small files, often automatically installed on the computer with Windows Update (although some can be obtained only via Microsoft Support), and could contain a hot patch, eliminating the need for a reboot.
Service Pack – Large update that fixes many outstanding issues; normally includes all patches, hotfixes and maintenance releases that predate the service pack
A service pack (SP for short) is a collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package. Many companies, such as Microsoft or Autodesk, typically release a service pack when the number of individual patches to a given program reaches a certain (arbitrary) limit. Installing a service pack is easier and less error-prone than installing a large number of patches individually, even more so when updating multiple computers over a network. Service packs are usually numbered, and thus referred to in short as SP1, SP2, SP3, etc.