April 2024 Patch Tuesday forecast: New and old from Microsoft
April 2024 Patch Tuesday is now live:
Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)
This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed. We saw updates to Microsoft Windows, Office 365, Sharepoint Server, and Exchange Server. There were no zero-day or disclosed vulnerabilities in any of the releases. I anticipate much more activity this week.
Microsoft is re-introducing a standalone or on-premises version of Office, which is not continuously connected to the cloud. Microsoft Office LTSC 2024 will return to a single perpetual purchase model with five years of support. Per Microsoft, it will not contain Microsoft Publisher, which is being phased out, and it will not include Teams either, which makes sense from a standalone perspective. While the features will be very similar across all future versions of Office, the differences will be in the collaborative capabilities, which require cloud access.
This new version, not seen since Office 2016, will be ideal for companies with isolated or dark networks, locations with limited bandwidth, and individuals who don’t want collaborative cloud features. However, regular patch releases will be critical to keep this product updated because it does not receive immediate security updates like its related, cloud-connected versions. The preview version is supposed to be available later this month, with a general release later this year.
The Windows 11 update will automatically enable the Moment 5 features in preview this month. You should be thinking ahead to the end-of-support (EOS) for several versions of Windows this year. First, Windows 10 21H2 for Education and Enterprise reaches EOS on June 11. And, hard to believe, Windows 11 21H2 for Education and Enterprise and Windows 11 22H2 Home and Pro are already reaching EOS on November 8th.
Microsoft recently reversed its decision to end the preview updates for Windows 11 22H2 in February and announced it will continue through June. In anticipation of all these upcoming EOS events, Microsoft is introducing some new ‘nag screens’ in this month’s update for both operating systems and also starting to force update older versions of Windows 11 to 23H2.
Microsoft offers extended security update (ESU) support for Windows 10 following its end-of-life in October 2025. Many organizations are limited in their ability to purchase the hardware required for Windows 11 and will be forced to run Windows 10 past its official EOL. This will be the first time Microsoft is offering ESUs directly to consumers.
April 2024 Patch Tuesday forecast
- Expect major updates from Microsoft across the operating systems, various versions of Office, Exchange Server, Sharepoint Server, and probably the .NET framework.
- The last update for Adobe Acrobat and Reader was on February Patch Tuesday so we may see a minor update this month.
- Apple released Ventura 13.6.6 and Sonoma 14.4.1, as well as Safari 17.4.1 for Monterey and Ventura on March 25th. Please deploy these updates immediately and look for a straggling update for Monterey.
- Google announced that the Long Term Support (LTS) Candidate has been promoted from version 114 to ChromeOS LTS 120 and released a major update. As usual, expect Google Chrome for Desktop late Tuesday afternoon.
- It’s been three weeks since Mozilla released security updates for their major products, so anticipate Firefox, Firefox ESR, and Thunderbird to come out next week.
Microsoft should be very active this week with all these new introductions. Expect to hear from your users about new features on Windows 11 and maybe even some grumbling about older versions of the OS being updated or reminders that the end is near. And don’t forget that the quarterly Oracle Critical Patch Updates are coming out on the heels of Patch Tuesday on April 16th.