Windows 10: Microsoft Windows Security Updates October 2022 overview

It is the second Tuesday of the month, and that means that Microsoft released security updates for all supported client and server versions of Windows. The October 2022 Patch Day brings updates for other Microsoft products as well, some of which are security related.

The cumulative updates for Windows include security updates but also other non-security improvements, including bug fixes, but sometimes also new features.

Our overview helps home users and system administrators get a quick and clear picture of the released updates. It includes information about each of the released patches and their severity, links to Microsoft support pages, and a list of known issues.

Other information complement the overview. There are also links to direct downloads and other links to the resources at the end.

Tip: check out the September 2022 Windows Update overview for last month's releases.

Microsoft Windows Security Updates: October 2022


The following Excel spreadsheet includes the released security updates for Windows and other company products. Just download it with a click on the following link: Microsoft Windows Security Updates October 2022

Executive Summary

• Microsoft increased the availability of the Windows 11 2022 Update. It should be offered on more systems now after its initial release in mid-September.
• The October 2022 updates include security fixes for all client and server versions of Windows.
• Security updates are also available for Azure, Active Directory Domain Services, Microsoft Edge, Microsoft Office, NuGet Client, Remote Access Service Point-to-Point Tunneling Protocol, and other applications and services.
• The following client versions of Windows have known issues: Windows 7, Windows 8.1, Windows 10, Windows 11
• The following server versions of Windows have known issues: Windows Server 2008, 2008 R2, 2012, 2012 R2, 2019, and Windows Server 2022

Operating System Distribution

• Windows 7 (extended support only): 43 vulnerabilities: 8 critical and 35 important
  • Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
• Windows 8.1: 49 vulnerabilities: 8 critical and 41 important
  • same critical vulnerabilities as Windows 7
• Windows 10 version 21H1 and 21H2 : 64 vulnerabilities, 9 critical and 5g important
  • same as Windows 7, plus the following:
  • Windows Hyper-V Elevation of Privilege Vulnerability -- CVE-2022-37979
• Windows 11 and Windows 11 version 22H2: 64 vulnerabilities, 9 critical and 55 important
  • same as Windows 10.

Windows Server products

• Windows Server 2008 R2 (extended support only): 44 vulnerabilities: 9 critical and 35 important
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
  • Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
  • Active Directory Certificate Services Elevation of Privilege Vulnerability -- CVE-2022-37976
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
• Windows Server 2012 R2: 50 vulnerabilities: 9 critical and 41 important
  • same critical vulnerabilities as Windows Server 2008 R2.
• Windows Server 2016: 54 vulnerabilities: 10 critical and 44 important
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-30198
  • Active Directory Certificate Services Elevation of Privilege Vulnerability -- CVE-2022-37976
  • Windows CryptoAPI Spoofing Vulnerability -- CVE-2022-34689
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-22035
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-33634
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-24504
  • Windows Hyper-V Elevation of Privilege Vulnerability -- CVE-2022-37979
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-41081
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38000
  • Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability -- CVE-2022-38047
• Windows Server 2019: 61 vulnerabilities: 10 critical and 51 important
  • same as Windows server 2016.
• Windows Server 2022: 66 vulnerabilities: 10 critical and 56 important
  • same as Windows server 2016.

Windows Security Updates


Windows 7 SP1 and Windows Server 2008 R2

• Monthly Rollup: KB5018454
• Security-Only: KB5018479

Updates and improvements:

• Fixed an issue that could lead to UDP packet drops from Linux Virtual Machines.
• Chile daylight saving times updated to start on September 11 instead of September 4.

Windows 8.1 and Windows Server 2012 R2

• Monthly Rollup: KB5018474
• Security-only: KB5018476

Updates and improvements:

• Same as Windows 7

Windows 10 version 20H2, 21H1 and 21H2

• Support Page: KB5018410

Updates and improvements:

• Includes security updates and improvements of the preview update, released on September 20, 2022.

Windows 11 Release version

• Support Page: KB5018418

Updates and improvements:

Includes security updates and improvements of the preview update, released on September 20, 2022.

Windows 11 version 22H2

• Support Page: KB5018427

Updates and improvements:

Includes security updates and improvements of the preview update, released on September 30, 2022.

Other security updates

2022-10 Cumulative Security Update for Internet Explorer (KB5018413)

2022-10 Cumulative Update for (KB5018425) for Windows 10 Version 1507

Server updates

2022-10 Cumulative Update for Windows Server 2016 and Windows 10 Version 1607 (KB5018411)

2022-10 Cumulative Update for Windows Server 2019 and Windows 10 Version 1809 (KB5018419)

2022-10 Security Only Quality Update for Windows Server 2008 (KB5018446)

2022-10 Security Monthly Quality Rollup for Windows Server 2008 (KB5018450)

2022-10 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 (KB5018457)

2022-10 Security Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB5018474)

2022-10 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012 (KB5018478)

.NET Framework

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5017271)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system, version 22H2 for x64 (KB5018541)

Servicing Stack Updates

2022-10 Servicing Stack Update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB5018922)

Known Issues


Windows 7 SP1 and Windows Server 2008 R2

• (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
  • To mitigate the issue, one of the following needs to be done:
    • Clear the "Run in logged-on user's security context (user policy option)" check box.
    • In the affected Group Policy, change "Action" from "Replace" to "Update".
    • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
• (Fixed) Daylight saving time advancement in Chile may cause issues.
  • Microsoft published a workaround for affected devices.
• (Old) Updates may show as failed and may be uninstalled because the machine is not on ESU.
  • Expected behaviour.

Windows 8.1 and Windows Server 2012 R2

• (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
  • To mitigate the issue, one of the following needs to be done:
    • Clear the "Run in logged-on user's security context (user policy option)" check box.
    • In the affected Group Policy, change "Action" from "Replace" to "Update".
    • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
• (Fixed) Daylight saving time advancement in Chile may cause issues.
  • Microsoft published a workaround for affected devices.

Windows 10 versions 20H2, 21H1 and 21H2

• (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
  • To mitigate the issue, one of the following needs to be done:
    • Clear the "Run in logged-on user's security context (user policy option)" check box.
    • In the affected Group Policy, change "Action" from "Replace" to "Update".
    • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
• (Fixed) XPS Viewer may be unable to open XML Paper Specification documents in certain non-English languages, including "some Japanese and Chinese character encodings". The issue is not affecting Home users, according to Microsoft.
  • Microsoft is working on a resolution.
• (Fixed) Daylight saving time advancement in Chile may cause issues.
  • Microsoft published a workaround for affected devices.
• (Old) Custom installations may not receive the new Microsoft Edge web browser, while the old version may be removed.
  • Workaround described on the support page.

Windows 11

• (New) File copies which use Group Policy Preferences might fail or might create empty shortcuts or files that have 0 (zero) bytes.
  • To mitigate the issue, one of the following needs to be done:
    • Clear the "Run in logged-on user's security context (user policy option)" check box.
    • In the affected Group Policy, change "Action" from "Replace" to "Update".
    • If a wildcard (*) is used in the location or destination, deleting the trailing "\" (backslash, without quotation marks) from the destination might allow the copy to be successful.
• (Fixed) Daylight saving time advancement in Chile may cause issues.
  • Microsoft published a workaround for affected devices.
• (Fixed) XPS Viewer may be unable to open XML Paper Specification documents in certain non-English languages, including "some Japanese and Chinese character encodings". The issue is not affecting Home users, according to Microsoft.
  • Microsoft is working on a resolution.

Windows 11 version 22H2

• (New) Provisioning packages may not work as expected. Windows may only be configured partially and the " Out Of Box Experience might not finish or might restart unexpectedly".
  • Provisioning the Windows device before upgrading to Windows 11 version 22H2 fixes the issue.
• (New) Copying large files (multiple gigabytes) may take longer than expected.
  • Use the commands robocopy \\someserver\someshare c:\somefolder somefile.img /J or xcopy \\someserver\someshare c:\somefolder /J until fixed.

Security advisories and updates


ADV 990001 -- Latest Servicing Stack Updates

Non-security updates


2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5017262)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5017263)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 (KB5017264)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 for x64 (KB5017265)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5017266)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11 (KB5017267)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5017268)

2022-10 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 and Windows 10 Version 1809 (KB5017270)

2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5018516)

2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018518)

2022-10 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5018519)

2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008 (KB5018521)

2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018522)

2022-10 Security and Quality Rollup for .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB5018523)

2022-10 Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 (KB5018547)

2022-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Embedded 8 Standard and Windows Server 2012 (KB5018548)

2022-10 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB5018549)

2022-10 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.6.2 for Windows Server 2008 (KB5018550)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, and Windows 10 Version 1903 (KB5017888)

2022-10 Cumulative Update for .NET Framework 4.8 for Windows Server 2016 and Windows 10 Version 1607 (KB5018515)

2022-10 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 and Windows 10 Version 1809 (KB5018542)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 20H2 (KB5018543)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1 (KB5018544)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H1, Windows 10 Version 20H2, Windows 10 Version 2004, Windows 10 Version 1909, Windows 10 Version 1903, Windows 10 Version 1809, and Windows 10 Version 1607 (KB5018545)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11 (KB5018546)

2022-10 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5018551)

Microsoft Office Updates

You find Office update information here.

How to download and install the October 2022 security updates

Most home Windows devices will receive the security updates that Microsoft published in October 2022 automatically. Windows Update takes care of that.

The updates are not delivered in realtime though, and some administrators may want to speed up the installation. This can be done by manually checking for updates, or by downloading updates from Microsoft instead.


Do the following to run a manual check for updates:

1. Select Start, type Windows Update and load the Windows Update item that is displayed.
2. Select check for updates to run a manual check for updates.

Direct update downloads


Below are resource pages with direct download links, if you prefer to download the updates to install them manually.

Windows 7 and Server 2008 R2

• KB5018454 -- 2022-10 Security Monthly Quality Rollup for Windows 7
• KB5018479 -- 2022-10 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

• KB5018474 -- 2022-10 Security Monthly Quality Rollup for Windows 8.1
• KB5018476 -- 2022-10 Security Only Quality Update for Windows 8.1

Windows 10 (version 21H1)

• KB5017380 -- 2022-10 Cumulative Update for Windows 10 Version 21H1

Windows 10 (version 21H2)

• KB5017380 -- 2022-10 Cumulative Update for Windows 10 Version 21H2

Windows 11 Release version

• KB5018418 -- 2022-10 Cumulative Update for Windows 11

Windows 11 version 22H2

• KB5018427 -- 2022-10 Cumulative Update for Windows 11 version 22H2

Additional resources

• October 2022 Security Updates release notes
• List of software updates for Microsoft products
• List of the latest Windows Updates and Services Packs
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• How to install optional updates on Windows 10
• Windows 11 Update History
• Windows 10 Update History
• Windows 8.1 Update History
• Windows 7 Update History

Thank you for being a Ghacks reader. The post Microsoft Windows Security Updates October 2022 overview appeared first on gHacks Technology News.

read more...

 

Microsoft Security Bulletin for October 2007

Microsoft's October security bulletin brings six security updates and re-released one. Click here to read the Microsoft Security Bulletin Summary, and eventually download the updates.

Source: Microsoft

 

Microsoft June 2022 Security Updates

June 2022 Security Updates
Updates this Month


This release consists of security updates for the following products, features and roles.

• .NET and Visual Studio
  
• Azure OMI
  
• Azure Real Time Operating System
  
• Azure Service Fabric Container
  
• Intel
  
• Microsoft Edge (Chromium-based)
  
• Microsoft Office
  
• Microsoft Office Excel
  
• Microsoft Office SharePoint
  
• Microsoft Windows ALPC
  
• Microsoft Windows Codecs Library
  
• Remote Volume Shadow Copy Service (RVSS)
  
• Role: Windows Hyper-V
  
• SQL Server
  
• Windows Ancillary Function Driver for WinSock
  
• Windows App Store
  
• Windows Autopilot
  
• Windows Container Isolation FS Filter Driver
  
• Windows Container Manager Service
  
• Windows Defender
  
• Windows Encrypting File System (EFS)
  
• Windows File History Service
  
• Windows Installer
  
• Windows iSCSI
  
• Windows Kerberos
  
• Windows Kernel
  
• Windows LDAP - Lightweight Directory Access Protocol
  
• Windows Local Security Authority Subsystem Service
  
• Windows Media
  
• Windows Network Address Translation (NAT)
  
• Windows Network File System
  
• Windows PowerShell
  
• Windows SMB

Please note the following information regarding the security updates:


Security Update Guide Blog Posts

Date Blog Post

January 11, 2022 Coming Soon: New Security Update Guide Notification System

February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020 Security Update Guide: Let’s keep the conversation going

November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds

The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-2007
  
• CVE-2022-2008
  
• CVE-2022-2010
  
• CVE-2022-2011
  
• CVE-2022-21123
  
• CVE-2022-21125
  
• CVE-2022-21127
  
• CVE-2022-21166
  
• CVE-2022-22018
  
• CVE-2022-22021
  
• CVE-2022-29111
  
• CVE-2022-29119
  
• CVE-2022-29143
  
• CVE-2022-29149
  
• CVE-2022-30136
  
• CVE-2022-30137
  
• CVE-2022-30139
  
• CVE-2022-30140
  
• CVE-2022-30141
  
• CVE-2022-30142
  
• CVE-2022-30143
  
• CVE-2022-30145
  
• CVE-2022-30146
  
• CVE-2022-30148
  
• CVE-2022-30149
  
• CVE-2022-30150
  
• CVE-2022-30151
  
• CVE-2022-30153
  
• CVE-2022-30154
  
• CVE-2022-30155
  
• CVE-2022-30157
  
• CVE-2022-30158
  
• CVE-2022-30159
  
• CVE-2022-30161
  
• CVE-2022-30162
  
• CVE-2022-30163
  
• CVE-2022-30164
  
• CVE-2022-30165
  
• CVE-2022-30167
  
• CVE-2022-30168
  
• CVE-2022-30171
  
• CVE-2022-30172
  
• CVE-2022-30173
  
• CVE-2022-30174
  
• CVE-2022-30177
  
• CVE-2022-30178
  
• CVE-2022-30179
  
• CVE-2022-30180
  
• CVE-2022-30184
  
• CVE-2022-30188
  
• CVE-2022-30189
  
• CVE-2022-30193
  
• CVE-2022-32230

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.


For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).


KB Article Applies To

5002219 SharePoint Foundation 2013

5014692 Windows Server 2019

5014697 Windows 11

5014699 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2

5014738 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

5014741 Windows Server 2012 (Security-only update)

5014742 Windows 7, Windows Server 2008 R2 (Security-only update)

5014743 Windows Server 2008 (Security-only update)

5014746 Windows 8.1, Windows Server 2012 R2 (Security-only update)

5014747 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

5014748 Windows 7, Windows Server 2008 R2 (Monthly Rollup)

5014752 Windows Server 2008 (Monthly Rollup)

Released: Jun 14, 2022

June 2022 Security Updates - Release Notes - Security Update Guide - Microsoft

 

Microsoft May 2022 Security Updates

May 2022 Security Updates
Updates this Month


This release consists of security updates for the following products, features and roles.

• .NET and Visual Studio
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Local Security Authority Server (lsasrv)
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Windows ALPC
• Remote Desktop Client
• Role: Windows Fax Service
• Role: Windows Hyper-V
• Self-hosted Integration Runtime
• Tablet Windows User Interface
• Visual Studio
• Visual Studio Code
• Windows Active Directory
• Windows Address Book
• Windows Authentication Methods
• Windows BitLocker
• Windows Cluster Shared Volume (CSV)
• Windows Failover Cluster Automation Server
• Windows Kerberos
• Windows Kernel
• Windows LDAP - Lightweight Directory Access Protocol
• Windows Media
• Windows Network File System
• Windows NTFS
• Windows Point-to-Point Tunneling Protocol
• Windows Print Spooler Components
• Windows Push Notifications
• Windows Remote Access Connection Manager
• Windows Remote Desktop
• Windows Remote Procedure Call Runtime
• Windows Server Service
• Windows Storage Spaces Controller
• Windows WLAN Auto Config Service

Please note the following information regarding the security updates:


Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-21972
• CVE-2022-21978
• CVE-2022-22011
• CVE-2022-22012
• CVE-2022-22015
• CVE-2022-22016
• CVE-2022-22017
• CVE-2022-22019
• CVE-2022-22713
• CVE-2022-23270
• CVE-2022-23279
• CVE-2022-24466
• CVE-2022-26913
• CVE-2022-26923
• CVE-2022-26925
• CVE-2022-26926
• CVE-2022-26927
• CVE-2022-26930
• CVE-2022-26931
• CVE-2022-26932
• CVE-2022-26933
• CVE-2022-26934
• CVE-2022-26935
• CVE-2022-26936
• CVE-2022-26937
• CVE-2022-26938
• CVE-2022-26939
• CVE-2022-26940
• CVE-2022-29102
• CVE-2022-29106
• CVE-2022-29107
• CVE-2022-29108
• CVE-2022-29109
• CVE-2022-29110
• CVE-2022-29112
• CVE-2022-29113
• CVE-2022-29114
• CVE-2022-29115
• CVE-2022-29116
• CVE-2022-29120
• CVE-2022-29121
• CVE-2022-29122
• CVE-2022-29123
• CVE-2022-29125
• CVE-2022-29126
• CVE-2022-29127
• CVE-2022-29128
• CVE-2022-29129
• CVE-2022-29130
• CVE-2022-29131
• CVE-2022-29133
• CVE-2022-29134
• CVE-2022-29135
• CVE-2022-29138
• CVE-2022-29139
• CVE-2022-29140
• CVE-2022-29142
• CVE-2022-29148
• CVE-2022-29150
• CVE-2022-29151
• CVE-2022-29972
• CVE-2022-30129

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.


For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).


KB Article Applies To
5011363 New Exchange Server Security Update and Hotfix Packaging
5013941 Windows 10, version 1809, Windows Server 2019
5013942 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
5013943 Windows 11
5013944 Windows Server 2022
5013952 Windows 10, version 1607, Windows Server 2016
5013999 Windows 7, Windows Server 2008 R2 (Security-only update)
5014001 Windows 8.1, Windows Server 2012 R2 (Security-only update)
5014006 Windows Server 2008 (Security-only update)
5014010 Windows Server 2008 (Monthly Rollup)
5014011 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5014012 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5014017 Windows Server 2012 (Monthly Rollup)
5014018 Windows Server 2012 (Security-only update)
Released: May 10, 2022
https://msrc.microsoft.com/update-gu...eNote/2022-May