Patch Tuesday on January 9, 2024, was not very big: the releases fixed 39 vulnerabilities in Windows 10 and 35 in Windows 11, and none of them were zero-day vulnerabilities at the start of the new year. Furthermore, the releases did not contain updates for Office 2013 and Office 2016; only the web versions of the services received a patch, against one vulnerability. Now it is the turn of Patch Tuesday, February 13, 2024, for Windows 11 and Windows 10.
However, the lull did not last long, and soon new security problems were discovered that were used in real attacks.
Windows 11 and 10 Patch Tuesday, February 13, 2024 updates
Microsoft Server 2025
Microsoft revealed the availability of Server 2025 on the Windows Server Insider Channel. The Redmondians have not announced an official date for the product’s public release, but it is expected to be this fall.
For the release of preview builds, Microsoft uses an update process named “flighting”. The process delivers Windows updates that you can install manually or automatically as in-place updates. These updates are released approximately every 2 weeks, without the need to install a new version each time.
At the Microsoft Ignite conference last fall, Microsoft outlined new features planned for Server 2025. Key improvements include the ability to subscribe via Azure Arc, some Active Directory storage updates, security updates for SMB communications over QUIC (Quick UDP Internet Connections), and Hotpatching technology. Hotpatching delivers real-time updates to the running system’s memory without the need to restart the device for the changes to take effect. The rollout process is not yet complete, but you can already test the latest server version.
Apple, Google, Ivanti, and Microsoft
EventLogCrasher, a zero-day vulnerability, affects Windows 11, 10, 8, and 7, but Microsoft believes it is the same bug that was reported back in 2022. The attack causes the event logging service to fail, which could hide additional activity on the system. Microsoft stated that the issue would be fixed in a future update and recommended installing patches against zero-day vulnerabilities as soon as possible to protect against potential attacks.
On 23/01/2023, Microsoft released preview updates for Windows 10 22H2 and Windows 11 22H2 and 23H2. The Redmondians say that “after February 2024, there will be no more optional non-security preview releases for Windows 11 version 22H2”. Therefore, from next month, versions of Windows 11 other than 23H2 and versions of Windows 10 other than 22H2 will receive only the monthly cumulative security updates (the B release, or Update Tuesday). Only Windows 11 23H2 and Windows 10 22H2 will continue to receive both security updates and optional releases.
The first reports of zero-day vulnerabilities have appeared, and Microsoft, Google, Ivanti, and Apple have recently rolled out software updates. On 22/01/2024, Apple released updates for all of its operating systems, including Safari 17.3 for macOS Ventura and Monterey. These releases contain a fix for the security vulnerability CVE-2024-23222, which allows arbitrary code execution via maliciously crafted web content. Apple said the flaw has already been exploited in real attacks but did not provide any details.
Google released Chrome Stable updates for Windows, macOS, and Linux on 16/01/2024. The new Chrome versions resolve the CVE-2024-0519 vulnerability, which allows out-of-bounds data access in the V8 engine. The company declared that this vulnerability has already been exploited in real attacks, but did not provide details.
In the same manner, Ivanti has rolled out patches for 5 vulnerabilities affecting Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways. 3 of these vulnerabilities have been exploited in actual attacks, and Ivanti encourages customers to patch them immediately.
Patch Tuesday, February 2024 Forecast
- On Patch Tuesday, February 2024, Microsoft should release a complete set of releases: updates for all versions of Windows 11, Windows Server 2022, Windows 10, Office, Exchange Server, and SharePoint. The previous month, an update to the .NET framework was rolled out. Windows updates for Server 2012 R2 and Server 2012 are available only through the Extended Security Updates (ESU) program.
- The last security update for Adobe Acrobat and Reader was released in November 2023, and we are watching for new releases.
- Apple released a wide range of OS updates on 22/01/2024, so nothing is expected yet.
- Google released Chrome version 122.0.6261.18 beta for Windows, Mac, and Linux back on 31/01/2024. The next update is expected in the next few days. The releases are cumulative updates, so they will include the fix for CVE-2024-0519 discussed above.
- Mozilla released Thunderbird 115.7, Firefox ESR 115.7, and Firefox 122 on 23/01/2023. The Firefox update contains fixes for 5 high-rated vulnerabilities and 10 medium-severity vulnerabilities. No new releases are expected yet.