
Getting the latest Windows 11 security update will no longer be optional as Microsoft has now decided to make it a mandatory automatic update for consumer PCs.
Since October 2024, it’s been available as an optional upgrade. However, starting January 16, 2025, that is no longer the case.
In a note on its website, Microsoft said, “We have reached a new stage in the phased rollout of version 24H2.
Eligible devices running Home and Pro editions of Windows 11, versions 23H2 and 22H2 will be gradually updated to version 24H2 of the company’s security protection platform.
“This automatic update targets only devices that are not managed by IT departments. Users can choose the time to restart their device or postpone the update.”
Microsoft has begun automatically downloading and installing Windows 11 24H2 on compatible Windows 11 PCs.
There are several changes that are available as part of Windows 11 24H2 including support for USB4’s 80Gbps option, Bluetooth LE Audio for hearing aids, and Energy Saver controls.
Microsoft is adopting a staggered approach, so not everyone will see the update notification immediately.
They’ll push the update out to a subset of users, monitor the rollout for bugs, and then expand its availability to more users.
Microsoft has a page dedicated to explaining some of the bugs that it has identified (or which users have reported) in Windows 11 24H2, and has outlined the patches for them.
Microsoft Outlook Vulnerability
In a recent security alert, Microsoft warned users of the possibility of hackers distributing malware using the Outlook email client.
“In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim’s Outlook application displaying a preview of a specially crafted email. This could result in the attacker executing remote code on the victim’s machine,” explained Microsoft.
This bug is in the Windows Object Linking and Embedding (OLE) function, which allows you to embed and link to documents and other objects, such as adding an Excel chart to a Word document. Even previewing the email is enough for a user’s system to be infected.
Microsoft gave the vulnerability a severity score of 9.8 (critical) since it uses freed memory and can corrupt valid data or deliver malware remotely, Digital Trends reported.
To counter this latest vulnerability, Microsoft has already released a patch for the CVE-2025-21298 use-after-free vulnerability and has urged users to apply it immediately. If you can’t apply the patch at the moment, Microsoft suggests viewing your emails as plain text and, in large LAN networks, turning off or restricting NTLM traffic altogether.