Updates that include the letter B in their name identify updates that released as part of a patch Tuesday event. The letter B identifies that the update released on the second Tuesday of the month.

Windows 10 “Patch Tuesday” Updates Are now Being Rolled Out

Each month, Intune administrators deploy the most recent Windows 10 quality updates on the fourth Tuesday of the month. This period gives them two weeks after the patch Tuesday event to validate the updates in their environment before they force installation of the update.

While there isn't a whole lot in this Windows 10 build 19044.1826 (and related updates), it's worth noting that this update also includes all the changes rolled out in last month's optional update (KB5014666), which includes a lot more fixes.

Microsoft has confirmed and issued a fix for a bug in Windows 10, which could cause OneDrive to crash or close unexpectedly. The problem first appeared after the latest Patch Tuesday updates, which rolled out on October 11, and it affects all supported versions of Windows 10.

The Creators Update itself is build 15063.0, but there will be a small Cumulative Update delivered on April 11. Previews of this patch have been rolled out to insiders, with the fast ring Insiders on 15063.14 and slow ring Insiders on 15063.13. Using the Update Assistant or Media Creation Tool appears to also update to 15063.13. This situation may well change by the actual release day next week.

Microsoft released 71 total vulnerabilities this month, with only 3 being rated Critical. And as we remind you every month, Automox recommends that all critical and exploited vulnerabilities are patched within a 72 hour window, in particular those zero-day, and Microsoft codec vulnerabilities highlighted this month.

Google has rolled out fixes for five security vulnerabilities in its Chrome web browser. These include one which Google says is being exploited in the wild (CVE-2021-4102), so we recommend upgrading to Chrome version 96.0.4664.110 immediately.

At the beginning of December, Mozilla patched a Critical vulnerability in their Network Security Services (NSS) that could exploited to execute arbitrary code. About a week later, Mozilla rolled out fixes for Thunderbird, Firefox, and Firefox ESR. All three of these respective bulletins were rated High by the software company.

At the beginning of November, Mozilla released security vulnerability fixes for 14 total CVEs across Firefox, Firefox ESR, and Thunderbird. There were a lot of third-party releases at the end of October in addition to aforementioned Adobe updates. Google released an emergency update to patch eight vulnerabilities, two of which are high severity zero-days, for Windows, macOS, and Linux. In late October Apple released MacOS Monterey, along with iOS and iPadOS 15.1. Due to the dates of these releases, these figures are not included in the graphic to the left.

Fortunately, it was a lighter month than usual with only 51 vulnerabilities addressed from Microsoft, 7 of which are rated as critical, and only 1 being actively exploited in the wild. There are also 7 Chromium vulnerabilities with Unknown severity ratings. We reported on 7/23/2021 about the Windows HiveNightmare (SeriousSAM) Vulnerability that is easily exploitable and impacts Windows 10 build 1809 and up and has no current patch. Until a fix is released, Microsoft has advised administrators to employ two workarounds for risk mitigation that is outlined in our blog.

February is often thought of as the month of love, and Microsoft certainly showed us some love this month. They released a minimal 56 patches, with 11 being Critical. While the overall number of vulnerabilities fixed this month is relatively low, there is still cause for concern. CVE-2021-1732 is a locally exploited Windows Win32K elevation of privilege bug that is actively being exploited in the wild. It's also worth noting that all 11 of the Critical rated updates fix Remote Code Execution vulnerabilities.

The first Patch Tuesday of 2021 brings 83 new Microsoft vulnerabilities, including 10 critical updates. All critical CVEs are remote code execution (RCE) bugs with the only exception being a memory corruption vulnerability. Vulnerabilities of note include CVE-2021-1647, a zero-day Microsoft Defender remote code execution vulnerability with exploitation detected in the wild. Two Important-rated vulnerabilities are deemed more likely to be exploited, these are CVE-2021-1707 and -1709.

Additionally, Adobe released a multitude of updates across their products, including Adobe Bridge, Captivate, InCopy, Campaign Classic, Animate, Illustrator, and Photoshop. View the patch index below for more details.

Starting with Windows 98, Microsoft included Windows Update that once installed and executed, would check for patches to Windows and its components, which Microsoft would release intermittently. With the release of Microsoft Update, this system also checks for updates for other Microsoft products, such as Microsoft Office, Visual Studio and SQL Server.

There have been cases where vulnerability information became public or actual worms were circulating prior to the next scheduled Patch Tuesday. In critical cases Microsoft issues corresponding patches as they become ready, alleviating the risk if updates are checked for and installed frequently.

At the Ignite 2015 event, Microsoft revealed a change in distributing security patches. They release security updates to home PCs, tablets and phones as soon as they are ready, while enterprise customers will stay on the monthly update cycle, which was reworked as Windows Update for Business.[12]

Furthermore, the Windows Update servers of Microsoft do not honor the TCP's slow start congestion control strategy.[25] As a result, other users on the same network may experience significantly slower connections from machines actively retrieving updates. This can be particularly noticeable in environments where many machines individually retrieve updates over a shared, bandwidth-constrained link such as those found in many multi-PC homes and small to medium-sized businesses. Bandwidth demands of patching large numbers of computers can be reduced significantly by deploying Windows Server Update Services (WSUS) to distribute the updates locally.

In addition to updates being downloaded from Microsoft servers, Windows 10 devices can "share" updates in a peer-to-peer fashion with other Windows 10 devices on the local network, or even with Windows 10 devices on the internet. This can potentially distribute updates faster while reducing usage for networks with a metered connection.[26][27]

As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these patches, please drop a note about it here in the comments.

Starting in July, the second Tuesday of every month will "just be another Tuesday," Microsoft says. The technology giant, which has released patches for vulnerabilities in its software every second Tuesday of every month since 2016, is now set to roll out automatic updates.

Windows Autopatch will manage all aspects of deployment groups for Windows 10 and Windows 11 quality and feature updates, drivers, firmware and Microsoft 365 Apps for enterprise updates, which means all the drivers and firmware that are published to Windows Update as automatic will be delivered as part of Windows Autopatch, Microsoft says.

"A security gap forms when quality updates that protect against new threats aren't adopted in a timely fashion. A productivity gap forms when feature updates that enhance users' ability to create and collaborate aren't rolled out. As gaps widen, it can require more effort to catch up," Bela says.

In a separately released Windows Autopatch FAQ, Microsoft says the updates will be applied to a small initial set of devices, evaluated and then graduated to increasingly larger sets, with an evaluation period at each progression.

Microsoft says it has focused on curating ring populations, which it says is important because Autopatch uses a progressive update deployment. The updates will be installed in the Test ring devices and during a validation period, they will progress to another testing and so on.

"As more devices receive updates, Autopatch monitors device performance and compares performance to pre-update metrics as well as metrics from the previous ring where applicable. The result is a rollout cadence that balances speed and efficiency, optimizing productive uptime," according to Microsoft. "Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate. As Autopatch serves more updates, it only gets better."

"The first is the 'Halt' feature - updates won't move from ring to ring unless targets for stability are met, and updates can be halted by customers, too. The second is the 'Rollback' feature - if devices don't meet performance targets after being updated, the updates can be undone automatically. Third is the 'Selectivity' feature. This allows for portions of an update package to be passed on and portions that don't perform to target to be halted or rolled back selectively and automatically," Microsoft says.

Varley says Autopatch is the next phase in Microsoft's plan to move to entirely automated updates. The ability to only postpone - rather than outright decline - updates is now a standard feature in the Windows operating system, he says. But he adds that vendors, including Microsoft, "have a history of botched updates to overcome before enterprise organizations will begin to trust automatic updates again."

On Tuesday, December 14, 2021, Microsoft released its monthly set of software security patches. This month, Microsoft has patched 67 software vulnerabilities in total, including seven critical issues and a zero-day vulnerability being exploited in the wild.

The day following the release of the security updates on Patch Tuesday is called the Exploit Wednesday, as hackers become more active on these days, preying on unpatched vulnerabilities. Hence, it is recommended to install a patch as soon as possible to reduce the risk of security breaches. 2ff7e9595c