Microsoft Windows Security Updates October 2022 overview
It is the second Tuesday of the month, and that means that Microsoft released security updates for all supported client and server versions of Windows. The October 2022 Patch Day brings updates for other Microsoft products as well, some of which are security related.
The cumulative updates for Windows include security updates but also other non-security improvements, including bug fixes, but sometimes also new features.
Our overview helps home users and system administrators get a quick and clear picture of the released updates. It includes information about each of the released patches and their severity, links to Microsoft support pages, and a list of known issues.
Other information complement the overview. There are also links to direct downloads and other links to the resources at the end.
Tip: check out the September 2022 Windows Update overview for last month's releases.
Microsoft Windows Security Updates: October 2022
The following Excel spreadsheet includes the released security updates for Windows and other company products. Just download it with a click on the following link: Microsoft Windows Security Updates October 2022
Executive Summary
- Microsoft increased the availability of the Windows 11 2022 Update. It should be offered on more systems now after its initial release in mid-September.
- The October 2022 updates include security fixes for all client and server versions of Windows.
- Security updates are also available for Azure, Active Directory Domain Services, Microsoft Edge, Microsoft Office, NuGet Client, Remote Access Service Point-to-Point Tunneling Protocol, and other applications and services.
- The following client versions of Windows have known issues: Windows 7, Windows 8.1, Windows 10, Windows 11
- The following server versions of Windows have known issues: Windows Server 2008, 2008 R2, 2012, 2012 R2, 2019, and Windows Server 2022
Operating System Distribution
- Windows 7 (extended support only): 43 vulnerabilities: 8 critical and 35 important
- Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
- Windows 8.1: 49 vulnerabilities: 8 critical and 41 important
- same critical vulnerabilities as Windows 7
- Windows 10 version 21H1 and 21H2 : 64 vulnerabilities, 9 critical and 5g important
- same as Windows 7, plus the following:
- Windows Hyper-V Elevation of Privilege Vulnerability -- CVE-2022-37979
- Windows 11 and Windows 11 version 22H2: 64 vulnerabilities, 9 critical and 55 important
- same as Windows 10.
Windows Server products
- Windows Server 2008 R2 (extended support only): 44 vulnerabilities: 9 critical and 35 important
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
- Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
- Active Directory Certificate Services Elevation of Privilege Vulnerability -- CVE-2022-37976
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
- Windows Server 2012 R2: 50 vulnerabilities: 9 critical and 41 important
- same critical vulnerabilities as Windows Server 2008 R2.
- Windows Server 2016: 54 vulnerabilities: 10 critical and 44 important
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
- Active Directory Certificate Services Elevation of Privilege Vulnerability -- CVE-2022-37976
- Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
- Windows Hyper-V Elevation of Privilege Vulnerability -- CVE-2022-37979
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
- Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
- Windows Server 2019: 61 vulnerabilities: 10 critical and 51 important
- same as Windows server 2016.
- Windows Server 2022: 66 vulnerabilities: 10 critical and 56 important
- same as Windows server 2016.
Windows Security Updates
Windows 7 SP1 and Windows Server 2008 R2
Updates and improvements:
- Fixed an issue that could lead to UDP packet drops from Linux Virtual Machines.
- Chile daylight saving times updated to start on September 11 instead of September 4.
Windows 8.1 and Windows Server 2012 R2
Updates and improvements:
- Same as Windows 7
Windows 10 version 20H2, 21H1 and 21H2
- Support Page: KB5018410
Updates and improvements:
- Includes security updates and improvements of the preview update, released on September 20, 2022.
Windows 11 Release version
- Support Page: KB5018418
Updates and improvements:
Includes security updates and improvements of the preview update, released on September 20, 2022.
Windows 11 version 22H2
- Support Page: KB5018427
Updates and improvements:
Includes security updates and improvements of the preview update, released on September 30, 2022.
Other security updates
2022-10 Cumulative Security Update for Internet Explorer (KB5018413)
2022-10 Cumulative Update for (KB5018425) for Windows 10 Version 1507
Server updates
2022-10 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5018411)
2022-10 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5018419)
2022-10 Security Only Quality Update for Windows Server 2008 (KB5018446)
2022-10 Security Monthly Quality Rollup for Windows Server 2008 (KB5018450)
2022-10 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5018457)
2022-10 Security Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB5018474)
2022-10 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5018478)
.NET Framework
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5017271)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system, version 22H2 for x64 (KB5018541)
Servicing Stack Updates
2022-10 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB5018922)
Known Issues
Windows 7 SP1 and Windows Server 2008 R2
- (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
- To mitigate the issue, one of the following needs to be done:
- Clear the "Run in logged-on user's security context (user policy option)" check box.
- In the affected Group Policy, change "Action" from "Replace" to "Update".
- If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
- To mitigate the issue, one of the following needs to be done:
- (Fixed) Daylight saving time advancement in Chile may cause issues.
- Microsoft published a workaround for affected devices.
- (Old) Updates may show as failed and may be uninstalled because the machine is not on ESU.
- Expected behaviour.
Windows 8.1 and Windows Server 2012 R2
- (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
- To mitigate the issue, one of the following needs to be done:
- Clear the "Run in logged-on user's security context (user policy option)" check box.
- In the affected Group Policy, change "Action" from "Replace" to "Update".
- If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
- To mitigate the issue, one of the following needs to be done:
- (Fixed) Daylight saving time advancement in Chile may cause issues.
- Microsoft published a workaround for affected devices.
Windows 10 versions 20H2, 21H1 and 21H2
- (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
- To mitigate the issue, one of the following needs to be done:
- Clear the "Run in logged-on user's security context (user policy option)" check box.
- In the affected Group Policy, change "Action" from "Replace" to "Update".
- If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
- To mitigate the issue, one of the following needs to be done:
- (Fixed) XPS Viewer may be unable to open XML Paper Specification documents in certain non-English languages, including "some Japanese and Chinese character encodings". The issue is not affecting Home users, according to Microsoft.
- Microsoft is working on a resolution.
- (Fixed) Daylight saving time advancement in Chile may cause issues.
- Microsoft published a workaround for affected devices.
- (Old) Custom installations may not receive the new Microsoft Edge web browser, while the old version may be removed.
- Workaround described on the support page.
Windows 11
- (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
- To mitigate the issue, one of the following needs to be done:
- Clear the "Run in logged-on user's security context (user policy option)" check box.
- In the affected Group Policy, change "Action" from "Replace" to "Update".
- If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
- To mitigate the issue, one of the following needs to be done:
- (Fixed) Daylight saving time advancement in Chile may cause issues.
- Microsoft published a workaround for affected devices.
- (Fixed) XPS Viewer may be unable to open XML Paper Specification documents in certain non-English languages, including "some Japanese and Chinese character encodings". The issue is not affecting Home users, according to Microsoft.
- Microsoft is working on a resolution.
Windows 11 version 22H2
- (New) Provisioning packages may not work as expected. Windows may only be configured partially and the " Out Of Box Experience might not finish or might restart unexpectedly".
- Provisioning the Windows device before upgrading to Windows 11 version 22H2 fixes the issue.
- (New) Copying large files (multiple gigabytes) may take longer than expected.
- Use the commands robocopy \\someserver\someshare c:\somefolder somefile.img /J or xcopy \\someserver\someshare c:\somefolder /J until fixed.
Security advisories and updates
ADV 990001 -- Latest Servicing Stack Updates
Non-security updates
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5017262)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5017263)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 (KB5017264)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5017265)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5017266)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5017267)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5017268)
2022-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5017270)
2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5018516)
2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018518)
2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5018519)
2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5018521)
2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018522)
2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5018523)
2022-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5018547)
2022-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018548)
2022-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5018549)
2022-10 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.6.2 for Windows Server 2008 (KB5018550)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5017888)
2022-10 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5018515)
2022-10 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5018542)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 20H2 (KB5018543)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1 (KB5018544)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5018545)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 (KB5018546)
2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5018551)
Microsoft Office Updates
You find Office update information here.
How to download and install the October 2022 security updates
Most home Windows devices will receive the security updates that Microsoft published in October 2022 automatically. Windows Update takes care of that.
The updates are not delivered in realtime though, and some administrators may want to speed up the installation. This can be done by manually checking for updates, or by downloading updates from Microsoft instead.
Do the following to run a manual check for updates:
- Select Start, type Windows Update and load the Windows Update item that is displayed.
- Select check for updates to run a manual check for updates.
Direct update downloads
Below are resource pages with direct download links, if you prefer to download the updates to install them manually.
Windows 7 and Server 2008 R2
- KB5018454 -- 2022-10 Security Monthly Quality Rollup for Windows 7
- KB5018479 -- 2022-10 Security Only Quality Update for Windows 7
Windows 8.1 and Windows Server 2012 R2
- KB5018474 -- 2022-10 Security Monthly Quality Rollup for Windows 8.1
- KB5018476 -- 2022-10 Security Only Quality Update for Windows 8.1
Windows 10 (version 21H1)
-
KB5018410 -- 2022-10 Cumulative Update for Windows 10 Version 21H1
Windows 10 (version 21H2)
- KB5018410 -- 2022-10 Cumulative Update for Windows 10 Version 21H2
Windows 11 Release version
- KB5018418 -- 2022-10 Cumulative Update for Windows 11
- KB5018427 -- 2022-10 Cumulative Update for Windows 11 version 22H2
Additional resources
- October 2022 Security Updates release notes
- List of software updates for Microsoft products
- List of the latest Windows Updates and Services Packs
- Security Updates Guide
- Microsoft Update Catalog site
- Our in-depth Windows update guide
- How to install optional updates on Windows 10
- Windows 11 Update History
- Windows 10 Update History
- Windows 8.1 Update History
- Windows 7 Update History
Just a warning that the October 2022 Patch Tuesday updates for Windows 10 21H1 and/or the subsequent “out-of-band” connectivity-fix update appear to have reset (undone) at least five privacy settings, so this is *not* the month to forget to re-run ShutUp10 (which, incidentally, was itself updated a couple of days ago). Moreover, the updates appear to have overwritten custom external-drive timeout settings in the Registry. [Drive timeouts could be controlled from Windows 7’s Control Panel, but Microsoft apparently felt that ordinary users shouldn’t have that degree of control over their hardware in Windows 10. If you want to change drive timeouts in Windows 10, you have to hack the Registry. Moreover, the default timeout seems to be after 5 to 8 seconds of inactivity, resulting in constant on/off cycles that kill an external hard drive faster than just leaving it running all the time. This is the kind of brain-dead move I’m beginning to expect from a company that now seems to spend more time trying to decide whether to make its OS look more like MacOS or more like Elementary than it does on what’s actually under the hood/bonnet.]
Direct update download links still show:
Windows 10 (version 21H1)
KB5017380 — 2022-10 Cumulative Update for Windows 10 Version 21H1
Windows 10 (version 21H2)
KB5017380 — 2022-10 Cumulative Update for Windows 10 Version 21H2
Should be KB5018410
Oct 2022 cumulative updated should be kb5018410 for Windows 10 (direct download)
Thank you, corrected!
Martin, I noticed that originally that Windows 10 and 11 updates would appear simultaneously, but it looks like Windows 10 22H2 will be here in October 2022 or maybe even later.
I ask this because I updated my Windows 10 o.s. yesterday but not to Windows 10 22H2.
Do you know maybe when the Windows 10 22H2 is coming?
Microsoft has not revealed the release date. Maybe it is coming on next Tuesday, but no one outside of Microsoft knows at this point.
Thanks, Martin, for your best guess.
Always gives me a chuckle when i read one of the known issues is…
(Old) Custom installations may not receive the new Microsoft Edge web browser, while the old version may be removed.
That’s not an issue that’s a feature. :D
Anyone have issues with Windows 2012 R2 KB5018474 (Security Monthly)
Windows update gets stuck when installing it.Had this issue on a few Servers.
We had the same issue with last months Security Monthly.
The same everything to get the same nothing. W11 in its pure essence.
It’s a testimonial to how bad Windows updates have been and remain that I am more afraid of what they might do to our fleet of PCs and servers than whatever threat they are meant to stop or mitigate. Do they actually test any of this? If they do they must have a “Meh, good enough, release it” mentality.
Fixed my trusty Win7, how niiice
Look at all of those, “Remote Code Execution Vulnerability” entries.
Shame on you, M$.
Wjy would anyone still be using PPTP? It was compromised a decade ago.
Why is it taking them so long to resolve the issue with group policy preferences? Microsoft failed to hire a team with a commitment to quality. We won’t be modifying any of our group policies to fix their screw ups. As long as it’s not fixed, we’ll just keep blocking these updates.
Thanks, Martin, for helping me comprehend the 64 vulnerabilities, 9 critical and 5g important so I understand what I was doing when I upgraded to Windows 10 version 21H2 (OS Build 19044.2130). Up to now a smooth fast update.
I could update also to Microsoft Edge Final 106.0.1420.42 version.
So I am also lucky that my (Old) Custom installations did receive the new Microsoft Edge web browser, without the old version being removed.