Updates to cloud images typically come in the form of patches and either correct bugs and security vulnerabilities or introduce new functionality. The complexity and effort required to patch an image is much higher than what is required to patch an instance. This is due to the risk of incorrectly modifying configurations, breaking the cloud provisioning for the image or preventing the correct operation of the management stack. In a managed cloud, if a patch is not applied to an image it must be applied to each instance of the image. This process results in wastage of compute resources and causes the customer to receive an initial instance that has not been tested by the cloud provider. This paper proposes an algorithm to identify when an image should be updated based on the frequency of instantiation requests and the outstanding patches as actually experienced in a production data centre. © 2013 IFIP.