October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. Now available for systems that meet the hardware requirements, it includes many new security features, including SMB protocol and firewall rule changes, personal data encryption for folders, and support for the SHA-3 family of algorithms from the National Institute of Standards and Technology (NIST), to name a few. The controversial Recall feature, which uses AI technology to retrieve previous activity on the machine, has updated security and privacy controls, and there is also an option to remove it entirely. This release also introduces Windows 11 Enterprise LTSC 2024, which follows the last LTSC release, Windows 10 Enterprise LTSC 2021.

This update is a complete OS replacement, so there is no enablement package option from previous versions of Windows 11. Microsoft introduced ‘checkpoint cumulative updates’ in this version of Windows 11. These consist of smaller monthly cumulative updates followed by a periodic checkpoint update consisting of the previous monthly updates. The monthly cumulative updates, or ‘differentials’ from the checkpoint update, as Microsoft calls them, will begin anew in the form of much smaller files. The important takeaway is that the Windows update process will handle all these files for us and use less bandwidth and storage space.

Windows Server 2025 has yet to debut, but it is expected to be released in conjunction with Ignite 2024, which is coming in November. It may be a good time to get familiar with the new Windows 11 24H2, as your users will ask for it soon enough.

September 2024 Patch Tuesday provided updates addressing 31 CVEs in Windows 11 and 45 CVEs in Windows 10. Four known exploited zero-day vulnerabilities were reported in the group; three were in the operating systems, and one was in Microsoft Publisher in the Office suite. The usual Microsoft Office and SharePoint Server updates and a Microsoft SQL Server release were there.

The second public draft of NIST Special Publication 800-63B Authentication and Authenticator Management drops mandatory reset rules and password complexity. This brings to light practical guidance that longer, simpler passwords are more secure and easier to remember for most users and that password churn in the form of frequent resets only results in users choosing weaker passwords so they can remember them.

The final updates for Windows 11 21H2 Enterprise and Education versions, and Windows 11 22H2 Home and Professional are coming next week. This should be a pretty easy October 2024 Patch Tuesday with only Microsoft and Google in the forecast.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Fri, 04 Oct 2024 05:13:05 +0000