Microsoft is rewriting Windows patch guidance because of AI

Microsoft has issued a timely advisory urging organizations to reconsider their Windows update deployment timelines. The tech giant emphasizes that advancements in artificial intelligence are significantly shortening the window of opportunity for cyber attackers to identify and exploit vulnerabilities following the release of security updates.

Jeremy Chapman, Director of Microsoft 365, articulated the urgency of this recommendation, stating, “If you’re not delivering critical quality updates with security fixes until a couple of weeks after they’ve been issued, that’s ample time for attackers using AI to find and exploit known security gaps.” In light of this, Microsoft suggests that businesses should evaluate the speed at which they implement monthly security updates, especially on devices where expedited deployment can occur without hindering operations.

Recommended Update Settings

To enhance security, Microsoft recommends specific settings for Windows updates:

  • A quality update deferral period of fewer than three days
  • Update deadlines of zero or one day
  • A grace period of no more than two days

Using Windows Autopatch to Identify Unpatched Devices

The newly introduced Windows Autopatch report within Microsoft Intune serves as a valuable tool for identifying unpatched devices. This report highlights systems that remain vulnerable after security updates are made available, enabling administrators to adjust update deferral policies for specific device groups, thereby minimizing exposure. The service automates the deployment of updates for Windows, Microsoft 365 Apps, and Microsoft Edge across administrator-defined device clusters.

Applying Update Policies

Organizations can configure necessary settings for update delivery through policy controls in Windows Autopatch and Microsoft Intune. Similar time-sensitive policies can also be established using other Windows software update management tools, including Microsoft Configuration Manager and Windows Server Update Services.

Reducing Exposure with Hotpatch and Conditional Access

To further mitigate risks, Microsoft advocates for the use of Hotpatch, which is automatically enabled on supported systems. This feature allows eligible security updates to be installed without necessitating a reboot, facilitating quicker deployment of protections while minimizing disruption for users. Additionally, organizations are encouraged to enforce compliance through Conditional Access policies, which restrict access to corporate resources for devices lacking the required updates, thereby reducing the risks associated with unpatched systems.

Winsage
Microsoft is rewriting Windows patch guidance because of AI