Heading into October Patch Tuesday on the heels of big announcements from Microsoft

New WAF attack timelines show the start and end of a threat.
No more logs. See how →

October is here and Patch Tuesday is next week, followed quickly by Halloween. Don’t be scared (unless you are a Facebook user)! The winds of change are blowing this fall season, starting with several new announcements from Microsoft.

October Patch Tuesday 2018 preview

Windows 10, version 1809

First up, Microsoft announced the release of Windows 10, version 1809. This new release should have a major impact on those of us involved in software distribution and updates. Microsoft introduced four significant changes:

1. Intelligent scheduling of updates on mobile devices.
2. Intelligent reboot scheduling.
3. Faster updates with less downtime.
4. Smaller downloads for quality updates.

This final feature, called Latest Cumulative Update (LCU), significantly changes the update model and per Microsoft “there will be only one quality update type—and it will be smaller in size, redistributable, and simpler to manage.” There will be many advantages over full, delta, and express updates as explained in this blog. And don’t forget that delta updates will no longer be offered after the February 2019 Patch Tuesday. We’ll be watching closely to see how this new update process works out over the next couple of months; it looks like a major improvement so far.

Along with the release of Windows 10 version 1809, Microsoft introduced a third operating system into the Long-Term Servicing Channel, named Windows 10 Enterprise LTSC 2019. This joins Windows 10 LTSB versions 2015 (1507) and 2016 (1607). So why are we getting new LTSC versions if the original one is supposed to be supported for 10 years? The answer lies in the continuing evolution of hardware. The newer LTSC releases can take advantage of features in the newest processors from Intel and AMD. If you want to run an older LTSC release on hardware released around the same time, you should get 10 years of run-time along with the continued releases for that channel.

Microsoft Server 2019

The final announcement I will cover here is the release of Microsoft Server 2019. This operating system became generally available on October 2. As Microsoft expands the Azure cloud, their operating systems become more cloud-enabled. Server 2019 takes advantage of the Azure cloud services like Backup, File Sync, and others. Security continues to get attention with the addition of Shielded VMs for the Linux subsystem and Windows Defender Advanced Threat Protection (ATP) which detects attacks and zero-day exploits.

Facebook breach

The big security news since last Patch Tuesday is the Facebook breach which potentially compromised 50 million user accounts. According to the latest news, three vulnerabilities were exploited and at least one dates back to July 2017. From the time of detection, it took 11 days to completely secure the systems.

This event is just beginning to unfold and could result in some landmark changes for many companies involved in social media. The EU is investigating Facebook’s compliance with its obligation under the GDPR, and could impose over $1 billion in fines depending upon the findings. I expect to see some changes in security accountability similar to the financial community. This event certainly has everyone’s attention because it “hits close to home.”

October forecast

Let’s look ahead to our forecast for Patch Tuesday week.

  • Microsoft announced the possibility of separate cumulative .NET patches for Windows 10, so we may see something there. Otherwise expect, the usual set of OS and Office updates. Could we see a 1809 update already? Doubtful, but possible.
  • Adobe Acrobat and Mozilla Firefox released this week, so we expect only the usual Flash update next week.
  • Don’t forget Oracle has their Critical Patch Update (CPU) on October 16 so in addition to their application updates you can get the latest Java patches.
Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.