March Patch Tuesday forecast: In like a lamb, out like a lion
It’s March and up here in the Midwest we have a saying for this early spring month, “In like a lamb, out like a lion.” Often the month of March comes with a light start only to be followed by one last large lion of a snowstorm. Will we see this in March’s Patch Tuesday? Let’s take a look.
Right now, we are expecting releases from Adobe for Flash Player, and Mozilla Firefox may be due for an update. Google Chrome just released an update this week resolving 27 CVEs, so put that update on your radar for the month. Aside from that, it may be a light month for third-party applications.
Adobe released Reader and Acrobat updates last month, so unless there is a surprise waiting, Flash Player should be it from them. Oracle won’t have an update for us again until April. There are often a few other vendors with releases around this time of the month, but they aren’t always security related.
Microsoft may have a light month. In February we just had Operating System, IE and Edge, Office, and SharePoint, so it was a pretty standard month. This month I think we can expect roughly the same, but we might be due for a .NET Framework update, or Exchange or SQL as well, as it has been a couple of months now.
As we near spring, it’s good to get an idea of what house cleaning items and long-term projects you may want to ensure are on your to-do list or are moving forward steadily. A regular activity that all companies should engage in is evaluating what software and operating systems are either out-of-service or coming up on end-of-service dates. These systems and applications pose a significant security risk and can often take a while to transition away from, as we found in a 2017 survey on Windows 10 migration. Out of 1800+ companies surveyed in April 2017, we found that 91 percent had Windows 10 installed and had begun assessing, but only 34 percent had started to roll out to production.
As of January, we are two years out from the end-of-service for Windows 7. Windows 7 will reach end of extended service on January 14th, 2020, so for many companies this is a risky date. Depending on the source, Windows 10 adoption had slowed up a bit, but as of January, Windows 10 has overtaken Windows 7 systems in production around the world. The Ivanti-sponsored survey did find that nearly 80 percent of those companies had a migration plan in place that would roll out in two years or less.
So many companies are on the right track, but there were around 20 percent that expected the migration to take more than two years or had not yet made plans to migrate. A good question to ask this spring is, what is the state of your Windows 10 migration? Are you on track to transition off of Windows 7 before January 2020?
Speaking of Windows 10 and migrations, there is also the need to upgrade branches within the Windows 10 family. Microsoft has made some changes to their release schedule for feature releases and end-of-service for older Windows 10 branches. Check out the Windows Lifecycle Fact Sheet, which has been updated as of February 2018 with the latest information on Windows 10 branch support. We have a few branches rapidly approaching end-of-service.
In April, Windows 10 1607 will reach end-of-service. Note that Microsoft has made a six-month extension for Education and Enterprise editions, so customers on those editions will receive an additional six months of support. Branch 1703 will reach end-of-service in October 2018.