October 2024 Patch Tuesday forecast: Recall can be recalled

October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many innovations and one controversial feature.

October 2024 Patch Tuesday forecast

Windows 11 24H2 and Microsoft Recall

This OS was released in May for Microsoft’s new Copilot+ PCs, powered by a neural processing unit (NPU); several features are unique to that platform. Now available for systems that meet the hardware requirements, it includes many new security features, including SMB protocol and firewall rule changes, personal data encryption for folders, and support for the SHA-3 family of algorithms from the National Institute of Standards and Technology (NIST), to name a few.

The controversial Recall feature, which uses AI technology to retrieve previous activity on the machine, has updated security and privacy controls, and there is also an option to remove it entirely. This update is a complete OS replacement, so there is no enablement package option from previous versions of Windows 11.

This release also introduces Windows 11 Enterprise LTSC 2024, which follows the last LTSC release, Windows 10 Enterprise LTSC 2021. Windows Server 2025 has yet to debut, but it is expected to be released in conjunction with Ignite 2024, which is coming in November.

Checkpoint cumulative updates

Microsoft introduced ‘checkpoint cumulative updates’ in this version of Windows 11. These consist of more minor monthly cumulative updates followed by a periodic checkpoint update consisting of the previous monthly updates. The monthly cumulative updates, or ‘differentials’ from the checkpoint update, as Microsoft calls them, will begin anew in the form of much smaller files.

The important takeaway is that the Windows update process will handle all these files for us and use less bandwidth and storage space. Over the years, we’ve seen several changes in update strategy, so we’ll have to see how this one plays out.

Passwords

The second public draft of NIST Special Publication 800-63B Authentication and Authenticator Management drops mandatory reset rules and password complexity.

This brings to light practical guidance that longer, simpler passwords are more secure and easier to remember for most users and that password churn in the form of frequent resets only results in users choosing weaker passwords so they can remember them. Resets should be tied to security events that warrant them. This is the second public draft, and if you would like to comment on this, you only have until October 7.

Last month’s updates

September 2024 Patch Tuesday provided updates addressing 31 CVEs in Windows 11 and 45 CVEs in Windows 10. Four known exploited zero-day vulnerabilities were reported in the group; three were in the operating systems, and one was in Microsoft Publisher in the Office suite.

The usual Microsoft Office and Sharepoint Server updates and a Microsoft SQL Server release were there. Unfortunately, they introduced an issue with the dual-boot setup, which prevented almost all operating systems from booting into Linux. The final updates for Windows 11, 21H2 Enterprise and Education versions, and Windows 11 22H2 Home and Professional are coming next week. Yes, the first versions of Windows 11 are already reaching their EOL!