January 2020 Patch Tuesday forecast: Let’s start the new decade right

The holidays are over, and another Patch Tuesday is rapidly approaching. My New Year’s resolution was to stop procrastinating when it comes to getting organized. I have several locations in my house where I store things and every time I open a drawer or door, I think “I really could make better use of this space if I just took the time to get it organized.”

Over the holidays, I finally took the time to get started. I cleared out stuff I no longer needed, cleaned out the area, arranged what was left, and was amazed at the results. One less thing I had to worry about, and I felt better about myself too. Maybe there is a lesson here to be carried over to our security operations?

We all have those systems that always have issues during updates. We know they are there and dread working on them, just because they slow down our patch cycle. In the end, they are either the last to get patched or they don’t get patched at all and we just wait another month worrying about them being in a possible vulnerable state. Maybe we need a resolution to tackle these systems head-on so we don’t need to worry about them anymore.

Take the time to resolve the issues, or if they are old, consider a complete replacement of the hardware and software. We have enough stress in our lives so don’t prolong it worrying about these systems month after month. Take the time to fix the issues and you will be more efficient overall. Join me in this resolution and we can start the new decade right.

The January 2020 Patch Tuesday will provide us with the last free update of Windows 7 and Server 2008/2008 R2. We’ve talked about it for the last several months and it is finally here. Microsoft released additional guidance if you are planning on subscribing to extended security updates; make sure your systems are prepared.

It’s challenging to forecast what we will see from Microsoft this month. I was expecting to finish out last year with a bang, but we really ended on a whimper. The OS updates contained minimal CVE fixes with only 16 for Windows 10 and the low teens across the remaining legacy systems.

Other than these OS updates, we had the usual Office releases but no Exchange, Sharepoint, .NET, or other updates. It was one of the lightest patch Tuesday releases in a long time. Microsoft may have ‘saved up’ other updates for January Patch Tuesday, but I suspect not.

January is a typically a light month for releases, and I expect that trend to continue.

January 2020 Patch Tuesday Forecast

• We are overdue, so expect a .NET update from Microsoft. Windows 7 and Server 2008/2008 R2 may get some special attention this month since it is the final public security release.
• Mozilla released a major update on Tuesday, so if we get anything next week it will only be a minor update.
• Google released their last major updates back on December 10 and a minor update this week, so I don’t expect anything here.
• We saw security updates for Acrobat, Reader, and Flash (after several months with none) last month. Be on the lookout for a possible Flash update, but no pre-announcements have been made for any of these products so far.
• Apple released major security updates on December Patch Tuesday, so I don’t expect any this month.

With a light January 2020 Patch Tuesday forecast, give some thought to starting the decade right!