The recent Patch Tuesday in May 2024 was quite unusual as it saw security updates being released by Adobe, Apple, Google, Mozilla, and Microsoft all on the same day. While the individual updates from each vendor were not massive, the challenge came in managing them all together.
In terms of Microsoft’s updates, the only Critical update was for Sharepoint Server, but there were significant updates for Windows 11 addressing 41 CVEs and Windows 10 addressing 47 CVEs. Microsoft has been quite busy this month with announcements regarding products and technologies that are either reaching end of support or are in early preview stages.
Windows 10 was particularly in the spotlight this month with Microsoft making several new announcements. Firstly, Windows 10 21H2 Education and Enterprise editions are slated to reach end-of-life with their final update scheduled for the following week. It is strongly recommended that all users update to the latest version of Windows 10 or Windows 11, if their system requirements permit.
Secondly, Microsoft revealed that they are re-opening the Insiders beta channel after a three-year hiatus for users to test out new features for Windows 10, version 22H2 before it is made available to all Windows 10 users. However, the runway for Windows 10 22H2 is short, as it is the final version and will reach end of support in October 2025. After this release, users will need to subscribe to Microsoft’s ESU program for additional security updates.
Additionally, Microsoft updated their deprecation information on NTLM, VBScript, Cortana, and WordPad. They announced that no further development on NTLM will be undertaken and that VBScript will be phased out gradually over the next few years in favor of more secure alternatives like PowerShell or JavaScript. WordPad has been deprecated from Windows 11, 24H2, while Cortana has been replaced by the AI-powered Copilot utility.
The preview for Windows 11 24H2 was released to the Release Preview Channel in late May, with major updates expected, including the controversial AI-powered Recall feature. This feature collects and stores information from regular computer use, allowing users to retrieve specific information they may have forgotten. However, privacy and security concerns regarding the data collected remain a hot topic.
Looking ahead to June 2024 Patch Tuesday, Microsoft is expected to continue with their regular operating system and application updates, including ESUs. Adobe, Apple, Google, and Mozilla are also likely to release security updates for their products, continuing the trend from the previous month.
In conclusion, users are advised to utilize Microsoft’s announcements to plan their software deployment strategies, taking into account products reaching end of support as well as newly introduced technologies. It is crucial to pay close attention to the vulnerabilities addressed by Microsoft this month and monitor any Pwn2Own discoveries that may be credited.