Microsoft’s Patch Tuesday updates: Keeping up with the latest fixes

Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are.  Patch Tuesday, as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers.

The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates.  Like tacos, Patch Tuesday is here to stay.

In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”

Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry.  As a case in point, Adobe, among others, follows a similar patch cadence.

Patch Tuesday coverage has also long been a staple of Computerworld’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month.

In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates.

November: This Patch Tuesday release includes 3 Windows zero-day fixes

Microsoft’s November Patch Tuesday update addresses 89 vulnerabilities in Windows, SQL Server,.NET and Microsoft Office — and three zero-day vulnerabilities in Windows that mean a patch now recommendation for Windows platforms. Unusually, there are a significant number of patch “re-releases” that might also require IT admin attention. More info on Microsoft Security updates for November 2024.

October: A haunting Patch Tuesday: 117 updates (and 5 zero-day flaws)

This month’s Patch Tuesday delivers a large set of patches from Microsoft that fix 117 flaws, including five zero-day vulnerabilities. Though there are patches affecting Windows, SQL Server, Microsoft Excel and Visual Studio, only the Windows updates require a “Patch Now” schedule — and they’ll need a significant amount of testing because they cover a lot of features: networking, kernel and core GDI components and Microsoft Hyper-V. Printing should be a core focus for enterprise testing and the SQL Server updates will require a focus on internally developed applications. More info on Microsoft Security updates for October 2024

September: Latest Patch Tuesday update fixes 4 zero-days

Addressing four zero-days flaws (CVE-2024-38014, CVE-2024-38217, CVE-2024-43491 and CVE-2024-38217), this month’s Patch Tuesday release from Microsoft includes 79 updates to the Windows platform. There are no patches to Microsoft Exchange Server or the company’s development tools (Visual Studio or.NET). And Microsoft addressed a recently exploited vulnerability in Microsoft Publisher with two critical updates and nine patches rated important for Microsoft Office. More info on Microsoft Security updates for September 2024.

August: Patch Tuesday means patch now

Microsoft pushed out 90 updates in its August Patch Tuesday release, including fixes for five Windows zero-days (CVE-2024-38178, CVE-2024-38193, CVE-2024-38213, CVE-2024-38106, CVE-2024-38107) and one zero-day affecting Office (CVE-2024-38189). This means a “Patch Now” recommendation for both Windows and Microsoft Office. Microsoft offered several (pretty useful) mitigations and recommendations to reduce the impact of these security issues. More info on Microsoft Security updates for August 2024.

July: 4 zero-day flaws

This July’s Patch Tuesday from Microsoft addressed a significant number of vulnerabilities, including four zero-day threats.  Here’s a quick rundown: Microsoft released updates for SQL Server, with patches for Windows, Office,.NET, and Visual Studio. It also released four critical updates for Windows, including patches for Hyper-V and MSHTML. There’s one critical update for Office’s SharePoint platform.More info on Microsoft Security updates for July 2024.

June: Relatively quiet on major updates

This month’s Patch Tuesday brought mostly low-risk updates with no reported zero-day vulnerabilities. Key areas addressed include changes to Secure Boot (requiring third-party driver testing), code integrity policies (needing verification for Windows Defender features), and core Windows systems (necessitating broad application testing). While there were no critical updates for Office or Exchange Server, some updates to Visual Studio require attention for developers.More info on Microsoft Security updates for June 2024.