December 2024 Patch Tuesday forecast: The secure future initiative impact
December 2024 Patch Tuesday is now live:
Microsoft fixes exploited zero-day (CVE-2024-49138)
It seems like 2024 just started, but the final Patch Tuesday of the year is almost here! In retrospect, it has been a busy year with continued Windows 11 releases, the new Server 2025 release, and all the patches we’ve needed to deal with on Patch Tuesdays (and in between).
Looking back to my blog from November of 2023, I had a single line referencing Microsoft’s Secure Future Initiative and just mentioned it in passing with regards to how AI will be used in future development. Fast forwarding through 2024, we see how Microsoft has executed on this program in the form of the products with AI enhancements.
This process will continue into 2025 with Microsoft planning to release a new operating system around the time we will see Windows 10 go into Extended Security Update (ESU) support. This one continues the trend with a more secure kernel, tighter controls on applications and drivers, and more AI features for an improved user experience. Enjoy what should be a relatively calm Patch Tuesday next week, because there is a lot of action coming in 2025.
There are several issues Microsoft has been dealing with this month that you need to be aware of. They pulled and then re-released the November 2024 Exchange Server Security Update packages. Per Microsoft, there were reported issues with Exchange Server transport rules stopping after a period of time. They provided an update with complete details on their support blog.
The 24H2 version of Windows 11 has also been going through some new release pains of its own. The most recently reported issue was a failure to discover USB-connected devices that support the eSCL (eScanner Communication Language) scan protocol. For the gamers in the crowd, there are also reported issues with regards to running Ubisoft games like Assassin’s Creed. Looking through the list, you’ll also see several other compatibility issues that have been reported and are under investigation. This is not unusual when there are major changes in a new operating system, but it is important to note the reported issues as you roll it out in your environment, so you are not wasting your time troubleshooting a known issue.
Speaking of Windows 11 24H2, Microsoft announced the preview program for hotpatching both Windows 11 Enterprise 24H2 and Windows 365 Enterprise. With a hotpatch subscription, users will receive a standard cumulative update at the beginning of each calendar quarter and then hotpatches for the following two months. Under this model, reboots will be reduced from twelve to four with just the reboot needed in conjunction with the quarterly cumulative updates.
The use of AI is continuing to make the news. Using AI to enhance security, Google now states that their Enhanced Protection feature provides “Real-time, AI-powered protection against dangerous sites, downloads, and extensions that’s based on your browsing data getting sent to Google.” Microsoft also announced they are releasing the AI-powered Recall feature into the Windows 11 Insider Preview Build for Copilot+ PCs. They’ve spent a lot of time providing details on all aspects and configuration of Recall so you should check out this announcement to learn more.
December 2024 Patch Tuesday forecast
- With Ignite over and the year-end holidays fast approaching, this month’s updates from Microsoft will be limited. Plan for only operating system and Office updates.
- I expect a major update for Acrobat and Reader this month which is normally when Adobe provides the final update for the year. Their last release was September Patch Tuesday.
- Apple released Sequoia 15.1.1, Safari 18.1.1, and several iOS updates on November 19th. Not sure if we’ll see a Sonoma or Ventura update but make sure these releases are in your latest round of deployments.
- Google Chrome has become a Patch Tuesday staple, so deploy it as usual next week.
- The Mozilla Foundation released security updates for all their products on November 26th. They were all rated High with a maximum of 17 vulnerabilities reported in Firefox. These releases were Thunderbird ESR 128.5 and Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, and finally Firefox 133. We may see a minor update next week just to keep things safe leading into the holidays so be on the lookout.
It looks like a calm setup for the final Patch Tuesday of the year. And until I check in with you next year, have a Merry Christmas and Happy Holidays!