It’s hard to believe we’re almost halfway through our 2020 Patch Tuesdays already. Working from home has a strange effect on time – each day seems very long, but the weeks are flying by. Regardless, another patch Tuesday is coming next week. May 2020 Patch Tuesday was pretty light on updates as predicted, so I’m expecting we’ll see a more standard release of updates from Microsoft this month.
Windows 10 and Windows Server
One item to factor into your patch Tuesday process is the new release of Windows 10 version 2004 and Windows Server version 2004. These latest versions of Windows 10 were released without major fanfare, as Microsoft pre-announced, on May 27.
Unlike the 1903 to 1909 update which was done via feature enablement, this is a full, new release. The good news is that the update time has come down significantly from earlier versions such as 1703 which could take up to 90 minutes on average
For those of you using Windows Update for Business for deployment, there are several enhancements to check out. One of operational importance is the new ability in InTune to identify the target version you want to update to and maintain on all your devices. You can also configure this as a Group Policy or Configuration Service Provider (CSP) policy.
This update also contains enhancements to existing security features in Windows 10. Application Guard, which uses containers, now supports Microsoft Edge on Chromium and can be enabled to enforce protection when Microsoft 365 applications are opened. Microsoft also rolled out more configuration options around their Sandbox feature which was introduced back in version 1903. Windows 10 version 2004 will follow the usual 18-month support model and you can find out more details around the entire set of 2004 features here.
Microsoft announced that starting in May 2020, they are pausing all optional, non-security updates for Windows client and server products (Windows 10, version 1909 down to Windows Server 2008 SP2). They are doing this to relieve the pressure of updating systems while everyone is working remotely. These updates will be included in the regular patch Tuesday releases.
Just a quick reminder Microsoft also delayed the end-of-support date for the Enterprise and Education versions of Windows 10 1709 to October 13 and the Sharepoint 2010 Family (SharePoint Foundation 2010, SharePoint Server 2010, and Project Server 2010) to April 13, 2021. Along with this extended timeline comes the need to continue patching these older systems with the latest security updates.
June 2020 Patch Tuesday forecast
- Expect to see the full set of Microsoft operating system and application updates this month with the exception of .NET updates which were released in May. We didn’t see any of the server updates last month, e.g. SQL, Exchange, etc. so expect at least a few of these.
- A new set of Extended Security Updates (ESUs) for Windows 7 and Server 2008/2008 R2 should be released along with the standard updates.
- Servicing stack updates (SSUs) have continued to be released almost monthly and some are mandatory to install before deploying the latest cumulative or security updates. Pay careful attention to the requirements surrounding these in order to prevent problems during your patch cycle.
- Adobe released a major security update for Acrobat and Reader last month and a minor security release this week. Adobe Flash has not seen a security update for a while, so it could happen.
- Apple released their security updates for iTunes, iCloud, and the supported operating systems last week.
- Google released a security update for Chrome 83 this week.
- Mozilla provided security updates this week for Firefox 77, Firefox ESR 68.9, and Thunderbird 68.9
June Patch Tuesday will be light on major third-party releases, allowing us to focus on the Microsoft releases. With 2-3 months of managing updates in this strange new world and an expected standard release set from Microsoft, June Patch Tuesday should be steady as she goes.