Microsoft will begin force-upgrading Windows 11 22H2 systems to version 23H2 starting October 8, 2024, as the former reaches end of support. This applies to various editions, including Home and Pro. The upgrade aims to ensure continued security and support for users, with details available on Microsoft’s Lifecycle Policy and support pages. Windows 11 versions 21H2 and 22H2 are no longer supported, meaning users won’t receive updates or security patches, increasing vulnerability to threats. The next major update, 24H2, is expected by the end of 2024, giving 23H2 at least another year of support.
Microsoft’s September 2024 Patch Tuesday addressed over 70 vulnerabilities, including three actively exploited bugs. A critical issue affects Windows 10 version 1507, causing it to roll back security updates and leaving systems vulnerable. Users are advised to install the latest servicing stack and security updates to restore protections. Additional vulnerabilities were fixed across Azure, SharePoint, and other Microsoft products, while Adobe and Intel also released patches for various security flaws.
Also, starting in October 2024, Microsoft Office 2024 will turn off ActiveX controls by default in Word, Excel, PowerPoint, and Visio to enhance security, following concerns over vulnerabilities exploited by hackers. Users can revert to previous settings, but interaction with ActiveX objects will be restricted. This change is part of a broader initiative to mitigate security risks associated with legacy features in Office applications.
Why do we care?
These forced upgrades, while beneficial for security, put additional pressure on IT departments, so be proactive to stay ahead of it. Constant updates, security patches, and forced upgrades mean businesses need to allocate more budget and resources to IT infrastructure management. Proactive investments in automated patch management solutions, cybersecurity training, and system monitoring tools can help offset some of the ongoing costs associated with these updates. However, smaller businesses without the resources of large enterprises may struggle to keep up, leaving them more vulnerable to cyberattacks and compliance risks. That, of course, is your opportunity and justification for delivering those services.
ActiveX has long been a target for hackers due to its vulnerabilities, and this change should reduce attack surfaces across enterprise environments. However, organizations that rely on legacy systems or custom solutions involving ActiveX may face challenges as they adapt to these new security restrictions. There’s opportunity there for sure.