Microsoft Patch Tuesday for October 2022 Fixes 84 Vulnerabilities

Microsoft’s Patch Tuesday is scheduled for the second Tuesday of every month. Today is October’s second Tuesday, so it is time for the release of security updates and fixes for Microsoft products including Windows.

October’s Patch Tuesday includes 84 fixes for Microsoft products including Windows, Windows Server, Edge browser, .NET Framework and Exchange Server.

The breakdown of vulnerabilities found and fixed is as follows:

  1. 39 Elevation of Privilege Vulnerabilities
  2. 2 Security Feature Bypass Vulnerabilities
  3. 20 Remote Code Execution Vulnerabilities
  4. 11 Information Disclosure Vulnerabilities
  5. 8 Denial of Service Vulnerabilities
  6. 4 Spoofing Vulnerabilities

To go through each vulnerability in detail, please open the following Google Sheets document:

Microsoft Vulnerability list for October 2022

You can find more details on Microsoft’s MSRC vulnerability guide. Just make sure you set the time period to October 2022.

Windows security updates for October 2022

KB5018427/KB5018418 update for Windows 11 (22H2 + 21H2)

This is the first-ever Patch Tuesday for Windows 11 22H2 (the 2022 Update). After installing KB5018427, your OS build will become 22621.674.

According to Microsoft’s help doc for KB5018427, this update comes with security improvements and fixes for Windows.

Some known issues are still present. For example, if you copy large files over the network, the copy speed will decrease by up to 40%.

Using provisioning packages on Windows 11 22H2 may not work as expected. This issue only affects enterprise or corporate users.

This update will be automatically downloaded and installed through Windows Update. However, if you want to install it manually, you can download it from the following links:

Download KB5018427 for Windows 11 22H2 64-bit

Download KB5018418 for Windows 11 21H2 64-bit

KB5018410 update for Windows 10 20H2, 21H1 and 21H2

After installing KB5018410, your OS build will become:

  • Windows 10 20H2 Build 19042.2130
  • Windows 10 21H1 Build 19043.2130
  • Windows 10 21H2 Build 19044.2130

This update includes security updates and fixes, especially for internal operating system functionality. It doesn’t come with new features.

There are a couple of known issues that were also present in previous updates.

If you have Windows 10 installed from a custom ISO, the Edge legacy browser may not be uninstalled automatically. You will need to manually install Chromium Edge on your computer.

After installing this update, file copies using Group Policy Preferences might fail or might create empty shortcuts or files using 0 (zero) bytes. Microsoft suggests one of the following workarounds:

  1. Uncheck the “Run in logged-on user security context (user policy option)”. Note: This might not mitigate the issue for items using a wildcard (*).
  2. Within the affected Group Policy, change “Action” from “Replace” to “Update”.
  3. If a wildcard (*) is used in the location or destination, deleting the trailing “\” (backslash, without quotes) from the destination might allow the copy to be successful.

This update will be automatically downloaded and installed through Windows Update. However, if you want to install it manually, you can download it from the following links:

Download KB5018410 updates for Windows 10 20H2, 21H1 & 21H2 (32-bit + 64-bit)

KB5018419 update for Windows Server 2019 and Windows 10 Version 1809

After installing this update, your operating system build will become build 17763.3532.

Please note that Microsoft has already discontinued support for Windows 10 Version 1809 and Windows Server 2019. As a result, users will only get security updates for these versions on LTSB branches. Make sure you’re on the latest supported version of Windows.

The fixes included in this update are:

An issue where a task scheduled to run every two weeks runs every week instead.

Some security fixes are also included in this update. You can go through the Google Sheets list (link above) to check each vulnerability and its fix by Microsoft.

Download KB5018419 for Windows Server 2019 and Windows 10 1809

KB5018411 update for Windows Server 2016 and Windows 10 Version 1607

Installing KB5018411 will take your OS build to 14393.5427.

Support for Windows Server 2016 and Windows 10 Version 1607 is long gone. Microsoft only releases essential security fixes for these Operating Systems. After January 2023, Microsoft will stop releasing security updates, leaving customers vulnerable to active security threats. It is advisable to update your OS to the latest supported version of Windows.

After installing KB5018411, you will get the following improvements:

  1. The start date for daylight saving time in Chile has been updated. Instead of September 4, 2022, it will begin on September 11, 2022.
  2. An issue that affected some virtual machines where UDP packets were dropped has been fixed.
  3. Microsoft HTML Application (MSHTA) files can be enabled and disabled with a Group Policy.
  4. A node on the primary Active Directory Federation Services (AD FS) network could fail to register or update its heartbeat due to an error and was consequently removed from the farm. This issue has now been fixed.
  5. A robocopy issue is addressed.

Download KB5018411 for Windows Server 2016 and Windows 10 1607
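
The post-update build numbers quoted in the sections above can be used to check whether a machine is at the October 2022 patch level. The following PowerShell is an added example, not code from Microsoft or from the original article; the function name, status labels and inventory rows are assumptions made for illustration.

```powershell
# Added example. Minimum revisions (UBR) come from the build numbers quoted in this article.
# Windows 11 21H2 (KB5018418) is left out because the article does not give its build.
$October2022 = @{
    22621 = @{ KB = 'KB5018427'; MinUbr = 674  }  # Windows 11 22H2
    19042 = @{ KB = 'KB5018410'; MinUbr = 2130 }  # Windows 10 20H2
    19043 = @{ KB = 'KB5018410'; MinUbr = 2130 }  # Windows 10 21H1
    19044 = @{ KB = 'KB5018410'; MinUbr = 2130 }  # Windows 10 21H2
    17763 = @{ KB = 'KB5018419'; MinUbr = 3532 }  # Server 2019 / Windows 10 1809
    14393 = @{ KB = 'KB5018411'; MinUbr = 5427 }  # Server 2016 / Windows 10 1607
}

function Test-October2022PatchLevel {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$Build   # "<build>.<UBR>", for example 19044.2130
    )
    $status = 'Unparseable'; $kb = $null
    if ($Build -match '^(\d+)\.(\d+)$') {
        $family = [int]$Matches[1]
        $ubr    = [int]$Matches[2]
        $rule   = $October2022[$family]
        if (-not $rule) {
            $status = 'NoBaseline'   # build family not covered by this article
        } else {
            $kb = $rule.KB
            # Cumulative updates only raise the UBR, so -ge also accepts later patches.
            $status = if ($ubr -ge $rule.MinUbr) { 'Patched' } else { 'Missing' }
        }
    }
    [pscustomobject]@{ Computer = $ComputerName; Build = $Build; Status = $status; KB = $kb }
}

# Constructed inventory rows (host names and builds are made up for illustration).
$inventory = @(
    @{ ComputerName = 'WS-01';  Build = '19044.2130' }   # at the October 2022 level
    @{ ComputerName = 'WS-02';  Build = '19044.2006' }   # older revision
    @{ ComputerName = 'WS-03';  Build = '22621.521'  }   # older revision
    @{ ComputerName = 'SRV-01'; Build = '17763.3532' }   # at the October 2022 level
    @{ ComputerName = 'WS-04';  Build = '22000.1000' }   # family with no baseline here
)
$results = @($inventory | ForEach-Object {
    Test-October2022PatchLevel -ComputerName $_.ComputerName -Build $_.Build })

# On a Windows host, also evaluate the local machine from the registry.
if ($env:OS -eq 'Windows_NT') {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $results += Test-October2022PatchLevel -ComputerName $env:COMPUTERNAME `
        -Build ('{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR)
}
$results | Format-Table -AutoSize
```

Rows reported as Missing name the KB to install; rows reported as NoBaseline need a minimum build from Microsoft's own release notes.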

Block any Windows Update from installing

Since Patch Tuesday for October 2022 is a mandatory update, it will download and install itself on schedule. If you want to temporarily or permanently block it from installing, you can follow the steps below:

  1. Download the Show or hide updates tool from Microsoft.
  2. Run the utility and select Next to start the scanning process.
  3. Next, select the Hide updates button.
  4. The tool will show available updates to hide. Select problematic updates and press Next.
  5. This automatically hides the update from Windows Update and it will not be installed during the next update process. Press the Close button to close.

If you want to unhide or show hidden updates, run the tool again and select Show hidden updates instead of Hide updates. The rest of the process is the same.

Conclusion

Since Patch Tuesday updates are mandatory, we should always install them when they are available. However, you should always delay installation for a while to make sure there’s no critical problem with the update.

If you want to dig deeper into Microsoft Patch Tuesday updates, you can go through the following references:

Ghacks summarizes the patch Tuesday updates including Windows as well as other product updates.

Tenable provides a graphical way of explaining the patches.

Rapid7 provides summary charts and tables of October 2022 Patch Tuesday vulnerability fixes.

I hope this will be helpful in understanding all the security fixes included in Patch Tuesday’s update. Are we missing something that you want included in our Patch Tuesday coverage? Please share your thoughts with us in the comments or contact us directly.

Windows 11 Patch Tuesday History

| KB Article | OS Version | Build | Release Date | Significant Changes | Announcement |
|---|---|---|---|---|---|
| KB5036893 | 23H2, 22H2 | 226X1.3447 | 9-Apr-24 | Moment 5 features activated: Lock screen widgets, improvements to Narrator and Voice Access, Windows Share, Nearby Share, Snap Layouts, and more. | Microsoft announcement of KB5036893 |
| KB5035853 | 23H2, 22H2 | 226X1.3296 | 12-Mar-24 | Fixes Windows Update installation known error “0x800F0922”, support for USB4 v2, edit Android screenshots with Snipping Tool | Microsoft announcement of KB5035853 |
| KB5034765 | 23H2, 22H2 | 226X1.3155 | 13-Feb-24 | Fixed Narrator, search in Start menu, and more. Moved Copilot icon in taskbar to the right | Microsoft announcement of KB5034765 |
| KB5034123 | 23H2, 22H2 | 226X1.3007 | 9-Jan-23 | Improved weather widget on lock screen, fixed Wi-Fi connectivity issue for education and corporate users | Microsoft announcement of KB5034123 |
| KB5033375 | 23H2, 22H2 | 226X1.2861 | 12-Dec-23 | Copilot improvements, Windows Spotlight to be the default background | Microsoft announcement of KB5033375 |
| KB5032190 | 23H2, 22H2 | 226X1.2715 | 14-Nov-23 | Enable Moment 4 features, addresses zero-day vulnerabilities, introduces issues with Copilot and COLRv1. | Microsoft announcement of KB5032190 |
| KB5031354 | 22H2 | 22621.2428 | 10-Oct-23 | Introduces Copilot and Dev Drives, new voice access commands, improvements to Settings app and File Explorer | Microsoft announcement of KB5031354 |
| KB5030219 | 22H2 | 22621.2283 | 12-Sep-23 | Improved Search app, search flyout box on hover, easily tab through search results | Microsoft announcement of KB5030219 |
| KB5029263 | 22H2 | 22621.2134 | 8-Aug-23 | Addresses VPN issues, more accurate brightness levels, notifications more reliable | Microsoft Announcement of KB5029263 |
| KB5029253 | 21H2 | 22000.2295 | 8-Aug-23 | Addresses VPN issues, reliable notifications | Microsoft Announcement of KB5029253 |
| KB5028185 | 22H2 | 22621.1992 | 11-Jul-23 | Share local files with Outlook contacts, 78 vulnerabilities addressed | Microsoft Announcement of KB5028185 |
| KB5028182 | 21H2 | 22000.2176 | 11-Jul-23 | Announcement of some Windows 11 22H2 editions EOL, share local files with Outlook contacts | Microsoft Announcement of KB5028182 |
| KB5027231 | 22H2 | 22621.1848 | 13-Jun-23 | Fixes a known issue with 32-bit apps, addresses a Windows kernel information disclosure vulnerability | Microsoft Announcement of KB5027231 |
| KB5027223 | 21H2 | 22000.2057 | 13-Jun-23 | Fixes a known issue with 32-bit apps, addresses a Windows kernel information disclosure vulnerability | Microsoft Announcement of KB5027223 |
| KB5026372 | 22H2 | 22621.1702 | 9-May-23 | Option to get the latest non-security updates immediately, new animations in the Widgets icons | Microsoft Announcement of KB5026372 |
| KB5026368 | 21H2 | 22000.1936 | 9-May-23 | Addresses issues with LSASS and other fixes | Microsoft Announcement of KB5026368 |
| KB5025239 | 22H2 | 22621.1555 | 11-Apr-23 | Microsoft account notifications in the Start menu, the search box will be lighter in a custom color theme, and a plethora of fixes | Microsoft Announcement of KB5025239 |
| KB5025224 | 21H2 | 22000.1817 | 11-Apr-23 | Fixes known issues with kiosk devices | Microsoft Announcement of KB5025224 |
| KB5023706 | 22H2 | 22621.1413 | 14-Mar-23 | AI Bing search box, iOS linking, tabbed notepad, screen recording from Snipping Tool, redesigned Quick Assist | Microsoft Announcement of KB5023706 |
| KB5023698 | 21H2 | 22000.1696 | 14-Mar-23 | Phase three of DCOM hardening, other fixes | Microsoft Announcement of KB5023698 |
| KB5022845 | 22H2 | 22621.1265 | 14-Feb-23 | .NET Framework updates integrated into UUP-based feature updates | Microsoft Announcement of KB5022845 |
| KB5022836 | 21H2 | 22000.1574 | 14-Feb-23 | Combines Windows Spotlight with Themes on the Personalization page; multiple changes to the Accounts Settings page | Microsoft Announcement of KB5022836 |
| KB5022303 | 22H2 | 22621.1105 | 10-Jan-23 | ODBC Connectivity with SQL Server fixed; Local Session Manager security issues fixed | Microsoft Announcement of KB5022303 |
| KB5022287 | 21H2 | 22000.1455 | 10-Jan-23 | ODBC Connectivity with SQL Server fixed; Local Session Manager security issues fixed | Microsoft Announcement of KB5022287 |
| KB5021255 | 22H2 | 22621.963 | 13-Dec-22 | UI discrepancies in Task Manager are fixed; DPAPI decryption issue is fixed | Microsoft Announcement of KB5021255 |
| KB5021234 | 21H2 | 22000.1335 | 13-Dec-22 | UI discrepancies in Task Manager are fixed; DPAPI decryption issue is fixed | Microsoft Announcement of KB5021234 |
| KB5019980 | 22H2 | 22621.819 | 8-Nov-22 | Task Manager option added to taskbar’s context menu | Microsoft Announcement of KB5019980 |
| KB5019961 | 21H2 | 22000.1219 | 8-Nov-22 | Task Manager option added to taskbar’s context menu | Microsoft Announcement of KB5019961 |

Changelog for Windows 11 Patch Tuesday updates
Usman Khurshid is a seasoned IT Pro with over 15 years of experience in the IT industry. He has experience in everything from IT support, helpdesk, sysadmin, network admin, and cloud computing. He is also certified in Microsoft Technologies (MCTS and MCSA) and also Cisco Certified Professional in Routing and Switching.
