February 2025 Patch Tuesday forecast: New directions for AI development

The new year has started with a whirlwind of activity, and one of the hottest topics in the news is the increasing emphasis on AI.

January 2025 Patch Tuesday forecast

DeepSeek ad Stargate

DeepSeek took the world by storm as millions of copies were downloaded to personal devices, but soon security concerns arose as to how the chatbot used personal data. As research continues, many countries have banned the app from sensitive systems, and other countries and organizations, including the US, are also considering banning it.

The Trump administration announced the Stargate project to accelerate AI development in the US. This was done while simultaneously revoking several federal regulations, which could slow development. Many of these regulations addressed safety and security restrictions to prevent cyberattacks on people and infrastructure. It is unclear at this point which, if any, federal organizations will be tasked with overseeing new AI initiatives. As I mentioned in previous months, Microsoft and others have embraced AI for security and many other functions, so it remains to be seen how this new AI direction will factor into our patch operations in the months and years ahead.

Mass patching

Patch releases have also contributed to the January whirlwind, with Microsoft addressing near-record numbers of CVEs in their Patch Tuesday updates. There were 130 CVEs fixed in Windows 10 and 11, including three zero-day and two publicly disclosed vulnerabilities. There were also critical fixes for all versions of Microsoft Office and an important update for SharePoint Server and .NET framework release.

EOL woes

It’s still early February, but everyone should be planning and budgeting to address all the products reaching their end-of-life later this year. Microsoft sent out reminders several times this month. The largest for most of us to deal with is the last security update for Windows 10 coming on October 14th. Estimates show 40%+ of all Windows desktop machines are still running this operating system. The latest and final version is Windows 10 22H2.

As part of a phased rollout, Microsoft announced they are now offering Windows 11 24H2 to eligible Windows 10 22H2 devices. If you have devices which need to continue running Windows 10, there is a 3-year ESU program starting in November but that gets expensive as the price doubles each year for these security updates. Also on October 14th, Exchange Server 2016 and Exchange Server 2019 will reach the end of support.

In the continued march to the cloud, Microsoft recommends migrating to Exchange Online or Microsoft 365. And finally, don’t forget that Microsoft will deprecate WSUS driver synchronization on April 18, 2025. They will continue to be available in the update catalog, but you won’t be able to import them into WSUS. Microsoft has some migration recommendations in its latest announcement.

Apple

Apple issued security updates for multiple products on January 27th which included a fix for its first zero-day vulnerability CVE-2025-24085 allowing privilege escalation. Apple acknowledged this vulnerability was under active exploitation. In addition to this vulnerability, there were up to 28 additional fixes depending upon the product. If you haven’t already deployed these updates, ensure they are part of next week’s Patch Tuesday program.