Geeks for your information
Microsoft Windows Security Updates October 2022 overview - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Microsoft Windows News (https://www.geeks.fyi/forumdisplay.php?fid=32)
+--- Thread: Microsoft Windows Security Updates October 2022 overview (/showthread.php?tid=17849)



Microsoft Windows Security Updates October 2022 overview - harlan4096 - 12 October 22

Quote:It is the second Tuesday of the month, and that means that Microsoft released security updates for all supported client and server versions of Windows. The October 2022 Patch Day brings updates for other Microsoft products as well, some of which are security related.

[Image: microsoft-windows-october-2022-updates.png]

The cumulative updates for Windows include security updates but also other non-security improvements, including bug fixes, but sometimes also new features.

Our overview helps home users and system administrators get a quick and clear picture of the released updates. It includes information about each of the released patches and their severity, links to Microsoft support pages, and a list of known issues.

Other information complement the overview. There are also links to direct downloads and other links to the resources at the end.

Tip: check out the September 2022 Windows Update overview for last month's releases.

Microsoft Windows Security Updates: October 2022The following Excel spreadsheet includes the released security updates for Windows and other company products. Just download it with a click on the following link:  Microsoft Windows Security Updates October 2022

Executive Summary
  • Microsoft increased the availability of the Windows 11 2022 Update. It should be offered on more systems now after its initial release in mid-September.
  • The October 2022 updates include security fixes for all client and server versions of Windows.
  • Security updates are also available for Azure, Active Directory Domain Services, Microsoft Edge, Microsoft Office, NuGet Client, Remote Access Service Point-to-Point Tunneling Protocol, and other applications and services.
  • The following client versions of Windows have known issues: Windows 7, Windows 8.1, Windows 10, Windows 11
  • The following server versions of Windows have known issues: Windows Server 2008, 2008 R2, 2012, 2012 R2, 2019, and Windows Server 2022
Operating System Distribution
  • Windows 7 (extended support only): 43 vulnerabilities: 8 critical and 35 important
    • Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
  • Windows 8.1: 49 vulnerabilities: 8 critical and 41 important
    • same critical vulnerabilities as Windows 7
  • Windows 10 version 21H1 and 21H2 : 64 vulnerabilities, 9 critical and 5g important
    • same as Windows 7, plus the following:
    • Windows Hyper-V Elevation of Privilege Vulnerability -- CVE-2022-37979
  • Windows 11 and Windows 11 version 22H2:  64 vulnerabilities, 9 critical and 55 important
    • same as Windows 10.
Windows Server products
  • Windows Server 2008 R2 (extended support only): 44 vulnerabilities: 9 critical and 35 important
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
    • Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
    • Active Directory Certificate Services Elevation of Privilege Vulnerability -- CVE-2022-37976
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
  • Windows Server 2012 R2: 50 vulnerabilities: 9 critical and 41 important
    • same critical vulnerabilities as Windows Server 2008 R2.
  • Windows Server 2016: 54 vulnerabilities: 10 critical and 44 important
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
    • Active Directory Certificate Services Elevation of Privilege Vulnerability -- CVE-2022-37976
    • Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
    • Windows Hyper-V Elevation of Privilege Vulnerability -- CVE-2022-37979
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
  • Windows Server 2019: 61 vulnerabilities: 10 critical and 51 important
    • same as Windows server 2016.
  • Windows Server 2022:  66 vulnerabilities: 10 critical and 56 important
    • same as Windows server 2016.
Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2
Updates and improvements:
  • Fixed an issue that could lead to UDP packet drops from Linux Virtual Machines.
  • Chile daylight saving times updated to start on September 11 instead of September 4.
Windows 8.1 and Windows Server 2012 R2 Updates and improvements:
  • Same as Windows 7
Windows 10 version 20H2, 21H1 and 21H2 Updates and improvements:
  • Includes security updates and improvements of the preview update, released on September 20, 2022.
Windows 11 Release version  Updates and improvements:

Includes security updates and improvements of the preview update, released on September 20, 2022.

Windows 11 version 22H2   Updates and improvements:

Includes security updates and improvements of the preview update, released on September 30, 2022.

Other security updates
2022-10 Cumulative Security Update for Internet Explorer (KB5018413)
2022-10 Cumulative Update for (KB5018425) for Windows 10 Version 1507

Server updates
2022-10 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5018411)
2022-10 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5018419)
2022-10 Security Only Quality Update for Windows Server 2008 (KB5018446)
2022-10 Security Monthly Quality Rollup for Windows Server 2008 (KB5018450)
2022-10 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5018457)
2022-10 Security Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB5018474)
2022-10 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5018478)

.NET Framework
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5017271)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system, version 22H2 for x64 (KB5018541)

Servicing Stack Updates
2022-10 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB5018922)

Known Issues

Windows 7 SP1 and Windows Server 2008 R2
  • (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
    • To mitigate the issue, one of the following needs to be done:
      • Clear the "Run in logged-on user's security context (user policy option)" check box.
      • In the affected Group Policy, change "Action" from "Replace" to "Update".
      • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
  • (Fixed) Daylight saving time advancement in Chile may cause issues.
  • (Old) Updates may show as failed and may be uninstalled because the machine is not on ESU.
    • Expected behaviour.
Windows 8.1 and Windows Server 2012 R2
  • (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
    • To mitigate the issue, one of the following needs to be done:
      • Clear the "Run in logged-on user's security context (user policy option)" check box.
      • In the affected Group Policy, change "Action" from "Replace" to "Update".
      • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
  • (Fixed) Daylight saving time advancement in Chile may cause issues.
Windows 10 versions 20H2, 21H1 and 21H2
  • (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
    • To mitigate the issue, one of the following needs to be done:
      • Clear the "Run in logged-on user's security context (user policy option)" check box.
      • In the affected Group Policy, change "Action" from "Replace" to "Update".
      • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
  • (Fixed) XPS Viewer may be unable to open XML Paper Specification documents in certain non-English languages, including "some Japanese and Chinese character encodings".  The issue is not affecting Home users, according to Microsoft.
    • Microsoft is working on a resolution.
  • (Fixed) Daylight saving time advancement in Chile may cause issues.
  • (Old) Custom installations may not receive the new Microsoft Edge web browser, while the old version may be removed.
Windows 11
  • (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
    • To mitigate the issue, one of the following needs to be done:
      • Clear the "Run in logged-on user's security context (user policy option)" check box.
      • In the affected Group Policy, change "Action" from "Replace" to "Update".
      • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
  • (Fixed) Daylight saving time advancement in Chile may cause issues.
  • (Fixed) XPS Viewer may be unable to open XML Paper Specification documents in certain non-English languages, including "some Japanese and Chinese character encodings".  The issue is not affecting Home users, according to Microsoft.
    • Microsoft is working on a resolution.
Windows 11 version 22H2
  • (New) Provisioning packages may not work as expected. Windows may only be configured partially and the " Out Of Box Experience might not finish or might restart unexpectedly".
    • Provisioning the Windows device before upgrading to Windows 11 version 22H2 fixes the issue.
  • (New) Copying large files (multiple gigabytes) may take longer than expected.
    • Use the commands robocopy \\someserver\someshare c:\somefolder somefile.img /J or xcopy \\someserver\someshare c:\somefolder /J until fixed.
Security advisories and updates

ADV 990001 -- Latest Servicing Stack Updates

Non-security updates

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5017262)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5017263)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 (KB5017264)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5017265)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5017266)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5017267)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5017268)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5017270)
2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5018516)
2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018518)
2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5018519)
2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5018521)
2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018522)
2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5018523)
2022-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5018547)
2022-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018548)
2022-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5018549)
2022-10 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.6.2 for Windows Server 2008 (KB5018550)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5017888)
2022-10 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5018515)
2022-10 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5018542)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 20H2 (KB5018543)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1 (KB5018544)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5018545)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 (KB5018546)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5018551)

Microsoft Office Updates

You find Office update information here.

How to download and install the October 2022 security updates

Most home Windows devices will receive the security updates that Microsoft published in October 2022 automatically. Windows Update takes care of that.

The updates are not delivered in realtime though, and some administrators may want to speed up the installation. This can be done by manually checking for updates, or by downloading updates from Microsoft instead.

Do the following to run a manual check for updates:
  1. Select Start, type Windows Update and load the Windows Update item that is displayed.
  2. Select check for updates to run a manual check for updates.
Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2
  • KB5018454 -- 2022-10 Security Monthly Quality Rollup for Windows 7
  • KB5018479 -- 2022-10 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
  • KB5018474 -- 2022-10 Security Monthly Quality Rollup for Windows 8.1
  • KB5018476 -- 2022-10 Security Only Quality Update for Windows 8.1
Windows 10 (version 21H1)
  • KB5017380  -- 2022-10 Cumulative Update for Windows 10 Version 21H1
Windows 10 (version 21H2)
  • KB5017380 -- 2022-10 Cumulative Update for Windows 10 Version 21H2
Windows 11 Release version
  • KB5018418 -- 2022-10 Cumulative Update for Windows 11
Windows 11 version 22H2
  • KB5018427  -- 2022-10 Cumulative Update for Windows 11 version 22H2
Additional resources ...
Continue Reading