Here's a look at the most recent Patch Tuesday release from Microsoft as well as a collection of recent updates so you can track what's changed.
Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are. Patch Tuesday, as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers.
The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates. Like tacos, Patch Tuesday is here to stay.
In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”
Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry. As a case in point, Adobe, among others, follows a similar patch cadence.
Patch Tuesday coverage has also long been a staple of Computerworld’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month.
In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates.
For December’s Patch Tuesday, 74 updates and a zero-day fix for Windows
Microsoft released 74 updates this Patch Tuesday, patching Windows, Office and Edge — but none for Microsoft Exchange Server or SQL Server. One zero-day (CVE-2024-49138) affecting how Windows desktops handle error logs requires a “Patch Now” warning, but the Office, Visual Studio and Edge patches can be added to your standard release schedule. There are also several revisions this month that require attention before deployment. More info on Microsoft Security updates for December 2024.
November: This Patch Tuesday release includes 3 Windows zero-day fixes
Microsoft’s November Patch Tuesday update addresses 89 vulnerabilities in Windows, SQL Server, .NET and Microsoft Office — and three zero-day vulnerabilities in Windows that mean a “Patch Now” recommendation for Windows platforms. Unusually, there are a significant number of patch “re-releases” that might also require IT admin attention. More info on Microsoft Security updates for November 2024.
October: A haunting Patch Tuesday: 117 updates (and 5 zero-day flaws)
This month’s Patch Tuesday delivers a large set of patches from Microsoft that fix 117 flaws, including five zero-day vulnerabilities. Though there are patches affecting Windows, SQL Server, Microsoft Excel and Visual Studio, only the Windows updates require a “Patch Now” schedule — and they’ll need a significant amount of testing because they cover a lot of features: networking, kernel and core GDI components and Microsoft Hyper-V. Printing should be a core focus for enterprise testing, and the SQL Server updates will require a focus on internally developed applications. More info on Microsoft Security updates for October 2024.
September: Latest Patch Tuesday update fixes 4 zero-days
Addressing four zero-day flaws (CVE-2024-38014, CVE-2024-38217, CVE-2024-43491 and CVE-2024-38217), this month’s Patch Tuesday release from Microsoft includes 79 updates to the Windows platform. There are no patches to Microsoft Exchange Server or the company’s development tools (Visual Studio or .NET). And Microsoft addressed a recently exploited vulnerability in Microsoft Publisher with two critical updates and nine patches rated important for Microsoft Office. More info on Microsoft Security updates for September 2024.
August: Patch Tuesday means patch now
Microsoft pushed out 90 updates in its August Patch Tuesday release, including fixes for five Windows zero-days (CVE-2024-38178, CVE-2024-38193, CVE-2024-38213, CVE-2024-38106, CVE-2024-38107) and one zero-day affecting Office (CVE-2024-38189). This means a “Patch Now” recommendation for both Windows and Microsoft Office. Microsoft offered several (pretty useful) mitigations and recommendations to reduce the impact of these security issues. More info on Microsoft Security updates for August 2024.
July: 4 zero-day flaws
This July’s Patch Tuesday from Microsoft addressed a significant number of vulnerabilities, including four zero-day threats. Here’s a quick rundown: Microsoft released updates for SQL Server, with patches for Windows, Office, .NET, and Visual Studio. It also released four critical updates for Windows, including patches for Hyper-V and MSHTML. There’s one critical update for Office’s SharePoint platform.
More info on Microsoft Security updates for July 2024.