Microsoft Patch Tuesday – December 2024

Today is second Tuesday of the month, Microsoft Patch Tuesday. The day the cyber security world thinks about Microsoft patches and vulnerabilities. But remember other vendors also release cyber security and functionality updates and patches on or around the same time – check those as well.

Our support team have started reviewing our client monitoring reports and the SOC to check that the Microsoft Patch Tuesday updates have been completed. Our team will also keep an eye on the reports for the next day or two to check there are no issues, stagglers or absconders! It is always a busy time for us and should be for you or your IT or Cyber Security Support as well.

Here is Microsoft’s detailed page on Patch Tuesday for December 2024:

December 2024 Security Updates – Release Notes – Security Update Guide – Microsoft

Cyber security highlights

Microsoft has released security patches for 71 vulnerabilities and 16 of these are considered critical. One of these issues was made public before the release and was already being exploited by threat actors (CVE-2024-49138) – a classic zero-day vulnerability – patches trying to catch up with the threat actors.

What are zero-day vulnerabilities

Ok, so you do not use Windows – you are a Mac person and proud of it, Patch Tuesday has no impact on you. But what happens when your supplier or best client skips the Patch Tuesday updates? These updates are important for everyone!

Your Takeaway from Microsoft Patch Tuesday.

As always the day after Patch Tuesday is a busy day for our team as we check the reports from the SOC and RMM to ensure the clients we look after, everyone in their organisations have updated their systems. If you do not have that kind of support then get these updates done and check that the auto-updating has auto-updated.

Microsoft Patch Tuesday patches are essential for your cyber security

Why is Microsoft’s Patch Tuesday Important?

Just a few months back a high-profile hack of the UK’s Electoral Commission, was partly attributed to a failure to apply updates and patches to their systems:

Just when you thought the election was behind us!

Patching and updates are an important step in every cyber security plan – you and you team must get them done – read about that here:

How Microsoft Patch Tuesday can help your cyber security planning

and here:

Don’t Skip That Restart | Octagon Technology

If you’d like our team to check that the updates are being done, have a look here.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading