Date: 2025-04-04

Microsoft is continuing to build on their AI cybersecurity strategy and this month announced the introduction of new agents in Microsoft Security Copilot. They are introducing agents for phishing triage, alert triage for data loss prevention and insider risk management, conditional access optimization, vulnerability remediation, and threat intelligence briefing.

The goal of these agents is to continuously pull in information from these different disciplines and provide both manual and automated recommendations for action in Microsoft products. The ability to use AI to learn and adjust their recommendations continuously makes them adaptive to the threat environment. This Copilot ecosystem also supports third-party integration options and several beta options will be available by the end of April. This is a big step forward in using AI and bears watching to see how effective it is in combating threats.

There are several things to watch for in Microsoft’s upcoming releases next week. In news oddly related to Copilot, a bug in the March cumulative updates uninstalled the Copilot app and unpinned it from the taskbar. This affected some users when deploying KB5053598 (Windows 11 24H2) and KB5053606 (Windows 10 22H2). This has since been resolved and should be fixed in next week’s updates.

Microsoft has also reported an issue where remote desktop protocol (RDP) sessions and remote desktop services (RDS) might disconnect if you’ve installed the January preview and subsequent updates. More cases were reported following the March cumulative update, and Microsoft has taken action to resolve it. It appears to be fixed in the latest preview patches, but this is another issue to watch for after April Patch Tuesday.

Vulnerabilities reported to Microsoft don’t always get immediate attention, because they have other mitigating circumstances or are rated as low security threats. The Zero Day Initiative reported vulnerability ZDI-25-148, which has been exploited since 2017 and allows for remote code execution. Microsoft acknowledged that ‘Microsoft Defender has detections in place to detect and block this threat activity, and the Smart App Control provides an extra layer of protection by blocking malicious files from the Internet’ and that they will consider it for a future security update. This is an interesting situation to follow to see whether a direct patch is released.

April 2025 Patch Tuesday forecast

It’s been a quiet month for Microsoft with no major security issues reported, so I forecast the April release will be very similar to March with just the standard OS, Office and security tool updates and a light CVE count.

Adobe addressed nine vulnerabilities in Acrobat and Reader last month, which was a month earlier than their usual quarterly update. I wouldn’t expect another update this month.

Apple released security updates Ventura 13.7.5, Sonoma 14.7.5, Sequoia 15.4, and Safari 18.4 on March 31. There were also mobile device iOS updates on the same day. If you haven’t already, include these in your Patch Tuesday deployments.

Google released Chrome Desktop 136 to the Beta channel for Windows, Mac and Linux so expect the GA release next week.

Mozilla Foundation released security updates this week for Firefox and Thunderbird 137, Firefox ESR and Thunderbird ESR 128.9, and Firefox ESR 115.22 which were all rated High. But be aware they also released a critical, zero-day update on March 27th for all three supported versions of Firefox. Prioritize deploying these latest updates to protect against this known threat.

The use of AI in security technology and operations is accelerating. The often-written sci-fi scenario of malware and security software battling for dominance in cyberspace is getting closer by the day. In the meantime, have a happy Patch Tuesday with forecasted standard updates from Microsoft and Google.