MS-DEFCON 2: Microsoft and Apple betas near finish line

By Susan Bradley

Hold off on updates from both companies until they are fully vetted.

With so much activity around forthcoming Windows updates, continued caution is recommended. That’s why I’m raising the MS-DEFCON level to 2.

I realize that the window between today and last week’s Alert has been brief. It’s just a matter of the calendar — more testing time was needed last month, and Patch Tuesday is next week.

I consider Apple’s updates more impactful. iOS 18 will be out next month with new customization options, AI features, SIRI improvements, and more. Don’t be the first to jump into those updates; give them time to settle and let others take the slings and arrows.

Microsoft still appears to be on track to release Windows 11 24H2 in September or October. As I’ve said before, I don’t see many compelling changes for consumers. The 24H2 release will have a new Long-Term Servicing Channel edition, allowing businesses to have a version with fewer changes and disruptions.

The upcoming Windows 11 update will include fixes for the following issues:

The upcoming Windows 10 release will include a fix for the following problem:

I am still seeing individuals having issues installing Office 2019 updates on some (but not all) machines. If you need to manually update Office, do not uninstall and reinstall. Instead, follow this procedure.

Microsoft has refreshed KB5001716 for Windows 11 to get ready for the 24H2 release. The main goal is to ensure that you get the proper notification when a feature release is coming to its end of life. If you are up to date on 23H2 and use tools to defer or hide the updates, you can safely hide this update. If you are a Windows patcher who merely defers, I have no indication that this update is a problem and recommend leaving it installed if it’s already there.

If you are an Android phone or tablet user, don’t forget to hop over and ensure that updates are installed. This month’s Android security releases include a fix for a zero day. However, there are no details on how the attack may occur. Reports so far imply that this is a targeted attack from a highly motivated attacker, such as some overseas government going after specific targets. CVE-2024-36971 has no clear explanation of how the attackers are getting onto the devices. Although Google Pixel devices will receive the updates quite soon (if they haven’t already), other devices take longer because carriers test and approve the fixes before pushing them to their customers.

Las Vegas is hot in the summer. That’s the perfect time of year to spend hours in air-conditioned event venues soaking up the latest security information at the annual Black Hat USA 2024 security conference. I won’t be there in person, but I will be availing myself of A/C while I watch remotely to review the research that is released. I sometimes think these events are more hype than substance, but the agendas always look interesting.

One talk, Windows Downdate, made me chuckle a bit. The idea is that attackers can wiggle into your system, download older binaries, and thus make your box vulnerable to security issues that have been addressed in more recent releases. As a byproduct, the “downdate” damages the Windows update components to prevent newer updates from being installed. The chuckle comes from realizing that Microsoft itself does that quite well on its own. It will be interesting to see the research and the tool released.

Reminder: The enforcement indicated in KB5025885 regarding Boot Manager revocations for secure boot changes has been kicked down the road. The July 9 security updates ushered in the “deployment phase,” but the enforcement phase will be six months (or more) from now. Microsoft will let us know when the last phase goes into effect, but meanwhile I’m working on an article on how best to handle this in both standalone and business settings.

Resources

Source