June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft

June 2024 Patch Tuesday is now live:
Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)

May 2024 Patch Tuesday was unusual because we had security updates from Adobe, Apple, Google, Mozilla, and Microsoft on the same day.

June 2024 Patch Tuesday forecast

While individually from each vendor, the updates weren’t that large, managing them together was more challenging. On the Microsoft front, the only Critical update was for Sharepoint Server, but there were important updates for Windows 11 with 41 CVEs addressed and Windows 10 with 47 CVEs addressed.

Microsoft has been busy this month, providing announcements on both products and technology that are reaching end of support and those that are in early preview.

Windows 10

Windows 10 was in the news this month, and Microsoft made some new announcements. First, Windows 10 21H2 Education and Enterprise editions will reach end-of-life with their final update next week. With no additional security updates, all users are encouraged to update to the latest version of Windows 10 or Windows 11 if their system requirements support it. Windows 11 requires newer security hardware, and many users can’t upgrade. It’s estimated that roughly 50 percent of all Windows users are still running Windows 10.

Second, Microsoft announced they are re-opening the Insiders beta channel after three years for users “to try out new features for Windows 10, version 22H2,” before it is released to all Windows 10 users. But don’t get too excited; the runway is getting short with Windows 10 22H2, the last version, reaching end of support next year on October 14, 2025. After that release, you must subscribe to their ESU program for additional security updates.

NTML

Microsoft also updated their deprecation information on NTLM, VBScript, Cortana, and WordPad. New Technology LAN Manager (NTLM) is an authentication protocol that was introduced in Windows 3.1 and is still used today.

Microsoft has been phasing out NTLM support and introducing Kerberos as a replacement, but announced that no further development on NTLM will be performed. Likewise, they announced that Visual Basic Scripting Language (VBScript), which has been around almost as long as NTLM, will be phased in three steps over the next several years. Both NTLM and VBScript are being replaced in favor of more powerful, and more importantly, more secure options – NTLM with Kerberos, and VBScript with PowerShell or JavaScript.

WordPad, also a Windows staple and from the same era as NTLM, has been deprecated from Windows 11, 24H2. Cortana has been replaced by the AI-powered Copilot as the help utility of choice. So, there you have the names and acronyms you may not hear much about anymore as they are slowly phased out.

Windows 11 24H2

The preview for Windows 11 24H2 hit the Release Preview Channel in late May. Unlike the 23H2 release last year, 24H2 is expected to have some major updates including the controversial, AI-powered Recall feature. This feature, as the name suggests, captures and stores information throughout the normal use of your computer and then you can query it to ‘recall’ an important piece of information you can’t remember. For example, where was that crazy cat picture with the fishing hat?! As you can imagine, there are all kinds of privacy and security concerns with regards to information it is collecting and storing, to name but a few. Microsoft has provided the basic information on managing Recall, but this will continue to be a hot topic on all the forums.