Microsoft Windows Security Updates October 2022 overview

Martin Brinkmann
Oct 11, 2022
Updated • Oct 13, 2022
Windows Updates
|
16

It is the second Tuesday of the month, and that means that Microsoft released security updates for all supported client and server versions of Windows. The October 2022 Patch Day brings updates for other Microsoft products as well, some of which are security related.

microsoft windows october 2022 updates

The cumulative updates for Windows include security updates but also other non-security improvements, including bug fixes, but sometimes also new features.

Our overview helps home users and system administrators get a quick and clear picture of the released updates. It includes information about each of the released patches and their severity, links to Microsoft support pages, and a list of known issues.

Other information complement the overview. There are also links to direct downloads and other links to the resources at the end.

Tip: check out the September 2022 Windows Update overview for last month's releases.

Microsoft Windows Security Updates: October 2022

The following Excel spreadsheet includes the released security updates for Windows and other company products. Just download it with a click on the following link:  Microsoft Windows Security Updates October 2022

Executive Summary

  • Microsoft increased the availability of the Windows 11 2022 Update. It should be offered on more systems now after its initial release in mid-September.
  • The October 2022 updates include security fixes for all client and server versions of Windows.
  • Security updates are also available for Azure, Active Directory Domain Services, Microsoft Edge, Microsoft Office, NuGet Client, Remote Access Service Point-to-Point Tunneling Protocol, and other applications and services.
  • The following client versions of Windows have known issues: Windows 7, Windows 8.1, Windows 10, Windows 11
  • The following server versions of Windows have known issues: Windows Server 2008, 2008 R2, 2012, 2012 R2, 2019, and Windows Server 2022

Operating System Distribution

  • Windows 7 (extended support only): 43 vulnerabilities: 8 critical and 35 important
    • Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
  • Windows 8.1: 49 vulnerabilities: 8 critical and 41 important
    • same critical vulnerabilities as Windows 7
  • Windows 10 version 21H1 and 21H2 : 64 vulnerabilities, 9 critical and 5g important
    • same as Windows 7, plus the following:
    • Windows Hyper-V Elevation of Privilege Vulnerability -- CVE-2022-37979
  • Windows 11 and Windows 11 version 22H2:  64 vulnerabilities, 9 critical and 55 important
    • same as Windows 10.

Windows Server products

  • Windows Server 2008 R2 (extended support only): 44 vulnerabilities: 9 critical and 35 important
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
    • Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
    • Active Directory Certificate Services Elevation of Privilege Vulnerability -- CVE-2022-37976
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
  • Windows Server 2012 R2: 50 vulnerabilities: 9 critical and 41 important
    • same critical vulnerabilities as Windows Server 2008 R2.
  • Windows Server 2016: 54 vulnerabilities: 10 critical and 44 important
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
    • Active Directory Certificate Services Elevation of Privilege Vulnerability -- CVE-2022-37976
    • Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
    • Windows Hyper-V Elevation of Privilege Vulnerability -- CVE-2022-37979
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
    • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
  • Windows Server 2019: 61 vulnerabilities: 10 critical and 51 important
    • same as Windows server 2016.
  • Windows Server 2022:  66 vulnerabilities: 10 critical and 56 important
    • same as Windows server 2016.

Windows Security Updates

Windows 7 SP1 and Windows Server 2008 R2

Updates and improvements:

  • Fixed an issue that could lead to UDP packet drops from Linux Virtual Machines.
  • Chile daylight saving times updated to start on September 11 instead of September 4.

Windows 8.1 and Windows Server 2012 R2

Updates and improvements:

  • Same as Windows 7

Windows 10 version 20H2, 21H1 and 21H2

Updates and improvements:

  • Includes security updates and improvements of the preview update, released on September 20, 2022.

Windows 11 Release version 

Updates and improvements:

Includes security updates and improvements of the preview update, released on September 20, 2022.

Windows 11 version 22H2  

Updates and improvements:

Includes security updates and improvements of the preview update, released on September 30, 2022.

Other security updates

2022-10 Cumulative Security Update for Internet Explorer (KB5018413)

2022-10 Cumulative Update for (KB5018425) for Windows 10 Version 1507

Server updates

2022-10 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5018411)

2022-10 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5018419)

2022-10 Security Only Quality Update for Windows Server 2008 (KB5018446)

2022-10 Security Monthly Quality Rollup for Windows Server 2008 (KB5018450)

2022-10 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5018457)

2022-10 Security Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB5018474)

2022-10 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5018478)

.NET Framework

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5017271)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system, version 22H2 for x64 (KB5018541)

Servicing Stack Updates

2022-10 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB5018922)

Known Issues

Windows 7 SP1 and Windows Server 2008 R2

  • (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
    • To mitigate the issue, one of the following needs to be done:
      • Clear the "Run in logged-on user's security context (user policy option)" check box.
      • In the affected Group Policy, change "Action" from "Replace" to "Update".
      • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
  • (Fixed) Daylight saving time advancement in Chile may cause issues.
  • (Old) Updates may show as failed and may be uninstalled because the machine is not on ESU.
    • Expected behaviour.

Windows 8.1 and Windows Server 2012 R2

  • (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
    • To mitigate the issue, one of the following needs to be done:
      • Clear the "Run in logged-on user's security context (user policy option)" check box.
      • In the affected Group Policy, change "Action" from "Replace" to "Update".
      • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
  • (Fixed) Daylight saving time advancement in Chile may cause issues.

Windows 10 versions 20H2, 21H1 and 21H2

  • (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
    • To mitigate the issue, one of the following needs to be done:
      • Clear the "Run in logged-on user's security context (user policy option)" check box.
      • In the affected Group Policy, change "Action" from "Replace" to "Update".
      • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
  • (Fixed) XPS Viewer may be unable to open XML Paper Specification documents in certain non-English languages, including "some Japanese and Chinese character encodings".  The issue is not affecting Home users, according to Microsoft.
    • Microsoft is working on a resolution.
  • (Fixed) Daylight saving time advancement in Chile may cause issues.
  • (Old) Custom installations may not receive the new Microsoft Edge web browser, while the old version may be removed.

Windows 11

  • (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
    • To mitigate the issue, one of the following needs to be done:
      • Clear the "Run in logged-on user's security context (user policy option)" check box.
      • In the affected Group Policy, change "Action" from "Replace" to "Update".
      • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
  • (Fixed) Daylight saving time advancement in Chile may cause issues.
  • (Fixed) XPS Viewer may be unable to open XML Paper Specification documents in certain non-English languages, including "some Japanese and Chinese character encodings".  The issue is not affecting Home users, according to Microsoft.
    • Microsoft is working on a resolution.

Windows 11 version 22H2

  • (New) Provisioning packages may not work as expected. Windows may only be configured partially and the " Out Of Box Experience might not finish or might restart unexpectedly".
    • Provisioning the Windows device before upgrading to Windows 11 version 22H2 fixes the issue.
  • (New) Copying large files (multiple gigabytes) may take longer than expected.
    • Use the commands robocopy \\someserver\someshare c:\somefolder somefile.img /J or xcopy \\someserver\someshare c:\somefolder /J until fixed.

Security advisories and updates

ADV 990001 -- Latest Servicing Stack Updates

Non-security updates

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5017262)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5017263)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 (KB5017264)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5017265)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5017266)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5017267)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5017268)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5017270)

2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5018516)

2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018518)

2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5018519)

2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5018521)

2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018522)

2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5018523)

2022-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5018547)

2022-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018548)

2022-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5018549)

2022-10 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.6.2 for Windows Server 2008 (KB5018550)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5017888)

2022-10 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5018515)

2022-10 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5018542)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 20H2 (KB5018543)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1 (KB5018544)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5018545)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 (KB5018546)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5018551)

Microsoft Office Updates

You find Office update information here.

How to download and install the October 2022 security updates

Most home Windows devices will receive the security updates that Microsoft published in October 2022 automatically. Windows Update takes care of that.

The updates are not delivered in realtime though, and some administrators may want to speed up the installation. This can be done by manually checking for updates, or by downloading updates from Microsoft instead.

Do the following to run a manual check for updates:

  1. Select Start, type Windows Update and load the Windows Update item that is displayed.
  2. Select check for updates to run a manual check for updates.

Direct update downloads

Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

  • KB5018454 -- 2022-10 Security Monthly Quality Rollup for Windows 7
  • KB5018479 -- 2022-10 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB5018474 -- 2022-10 Security Monthly Quality Rollup for Windows 8.1
  • KB5018476 -- 2022-10 Security Only Quality Update for Windows 8.1

Windows 10 (version 21H1)

Windows 10 (version 21H2)

  • KB5018410 -- 2022-10 Cumulative Update for Windows 10 Version 21H2

Windows 11 Release version

  • KB5018418 -- 2022-10 Cumulative Update for Windows 11
Windows 11 version 22H2
  • KB5018427  -- 2022-10 Cumulative Update for Windows 11 version 22H2

Additional resources

Summary
Microsoft Windows Security Updates October 2022 overview
Article Name
Microsoft Windows Security Updates October 2022 overview
Description
An overview of the security updates that Microsoft released on the October 2022 Patch Tuesday for Windows operating systems.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Peterc said on October 21, 2022 at 7:37 pm
    Reply

    Just a warning that the October 2022 Patch Tuesday updates for Windows 10 21H1 and/or the subsequent “out-of-band” connectivity-fix update appear to have reset (undone) at least five privacy settings, so this is *not* the month to forget to re-run ShutUp10 (which, incidentally, was itself updated a couple of days ago). Moreover, the updates appear to have overwritten custom external-drive timeout settings in the Registry. [Drive timeouts could be controlled from Windows 7’s Control Panel, but Microsoft apparently felt that ordinary users shouldn’t have that degree of control over their hardware in Windows 10. If you want to change drive timeouts in Windows 10, you have to hack the Registry. Moreover, the default timeout seems to be after 5 to 8 seconds of inactivity, resulting in constant on/off cycles that kill an external hard drive faster than just leaving it running all the time. This is the kind of brain-dead move I’m beginning to expect from a company that now seems to spend more time trying to decide whether to make its OS look more like MacOS or more like Elementary than it does on what’s actually under the hood/bonnet.]

  2. Anonymous said on October 13, 2022 at 5:52 am
    Reply

    Direct update download links still show:

    Windows 10 (version 21H1)

    KB5017380 — 2022-10 Cumulative Update for Windows 10 Version 21H1
    Windows 10 (version 21H2)

    KB5017380 — 2022-10 Cumulative Update for Windows 10 Version 21H2

    Should be KB5018410

  3. Anonymous said on October 12, 2022 at 10:33 pm
    Reply

    Oct 2022 cumulative updated should be kb5018410 for Windows 10 (direct download)

    1. Martin Brinkmann said on October 13, 2022 at 5:24 am
      Reply

      Thank you, corrected!

  4. Paul(us) said on October 12, 2022 at 5:04 pm
    Reply

    Martin, I noticed that originally that Windows 10 and 11 updates would appear simultaneously, but it looks like Windows 10 22H2 will be here in October 2022 or maybe even later.
    I ask this because I updated my Windows 10 o.s. yesterday but not to Windows 10 22H2.
    Do you know maybe when the Windows 10 22H2 is coming?

    1. Martin Brinkmann said on October 12, 2022 at 5:51 pm
      Reply

      Microsoft has not revealed the release date. Maybe it is coming on next Tuesday, but no one outside of Microsoft knows at this point.

      1. Paul(us) said on October 12, 2022 at 6:45 pm
        Reply

        Thanks, Martin, for your best guess.

  5. Corky said on October 12, 2022 at 3:58 pm
    Reply

    Always gives me a chuckle when i read one of the known issues is…

    (Old) Custom installations may not receive the new Microsoft Edge web browser, while the old version may be removed.

    That’s not an issue that’s a feature. :D

  6. Nicholas said on October 12, 2022 at 12:51 pm
    Reply

    Anyone have issues with Windows 2012 R2 KB5018474 (Security Monthly)
    Windows update gets stuck when installing it.Had this issue on a few Servers.
    We had the same issue with last months Security Monthly.

  7. John G. said on October 12, 2022 at 10:12 am
    Reply

    The same everything to get the same nothing. W11 in its pure essence.

  8. 45RPM said on October 12, 2022 at 9:55 am
    Reply

    It’s a testimonial to how bad Windows updates have been and remain that I am more afraid of what they might do to our fleet of PCs and servers than whatever threat they are meant to stop or mitigate. Do they actually test any of this? If they do they must have a “Meh, good enough, release it” mentality.

  9. NeonRobot said on October 12, 2022 at 5:55 am
    Reply

    Fixed my trusty Win7, how niiice

  10. backdoors are bugs when they're found said on October 12, 2022 at 2:48 am
    Reply

    Look at all of those, “Remote Code Execution Vulnerability” entries.

    Shame on you, M$.

  11. yanta said on October 12, 2022 at 1:41 am
    Reply

    Wjy would anyone still be using PPTP? It was compromised a decade ago.

  12. Anonymous said on October 11, 2022 at 9:05 pm
    Reply

    Why is it taking them so long to resolve the issue with group policy preferences? Microsoft failed to hire a team with a commitment to quality. We won’t be modifying any of our group policies to fix their screw ups. As long as it’s not fixed, we’ll just keep blocking these updates.

  13. Paul(us) said on October 11, 2022 at 8:32 pm
    Reply

    Thanks, Martin, for helping me comprehend the 64 vulnerabilities, 9 critical and 5g important so I understand what I was doing when I upgraded to Windows 10 version 21H2 (OS Build 19044.2130). Up to now a smooth fast update.

    I could update also to Microsoft Edge Final 106.0.1420.42 version.
    So I am also lucky that my (Old) Custom installations did receive the new Microsoft Edge web browser, without the old version being removed.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.