Patch Tuesday October 2022: 85 patches released by Microsoft

by Alexandru Poloboc
Alexandru Poloboc
Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,... read more
Affiliate Disclosure
  • Check out the entire list of updates released via this month's Patch Tuesday event.
  • October 2022 comes with a whopping 64 new updates for various Windows CVEs.
  • Out of all the CVEs, 15 are rated Critical, 69 are Important, and one is  Moderate.
patch tuesday

XINSTALL BY CLICKING THE DOWNLOAD FILE
To fix various PC problems, we recommend Restoro PC Repair Tool:
This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues and remove viruses now in 3 easy steps:

  1. Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
  2. Click Start Scan to find Windows issues that could be causing PC problems.
  3. Click Repair All to fix issues affecting your computer's security and performance
  • Restoro has been downloaded by 0 readers this month.

It’s almost the end of 2022 and we’ve already reached October, which means the temperatures are slowly but surely starting to drop, so we can get our winter coats out.

Furthermore, it’s the second Tuesday of the month, which means that Windows users are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed.

We’ve already provided the direct download links for the cumulative updates released today for Windows 7, 8.1, 10, and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again.

For October, Microsoft released 85 new patches, which is a lot more than some people were expecting in the middle of autumn.

These software updates address CVEs in:

  • Microsoft Windows and Windows Components
  • Azure, Azure Arc, and Azure DevOps
  • Microsoft Edge (Chromium-based)
  • Office and Office Components
  • Visual Studio Code
  • Active Directory Domain Services and Active Directory Certificate Services
  • Nu Get Client
  • Hyper-V
  • Windows Resilient File System (ReFS)

The month of October comes with 85 new security updates

It’s pretty much safe to say that this wasn’t either the busiest or the lightest month for Redmond-based security experts and developers.

You might like to know that, out of the 85 new CVEs released, 15 are rated as Critical, 69 are rated Important, and only one is rated Moderate in severity.

Looking back, we can say that this volume is somewhat in line with what we’ve seen in previous October releases, however, it sets Microsoft on track to exceed its 2021 total.

And, if that were to happen, 2022 would the second busiest year for Microsoft CVEs, so keep that in mind if you want to compare it to other periods.

Know that one of the new CVEs released this month is listed as publicly known and one other is listed as being in the wild at the time of release.

Expert tip:

SPONSORED

Some PC issues are hard to tackle, especially when it comes to corrupted repositories or missing Windows files. If you are having troubles fixing an error, your system may be partially broken.
We recommend installing Restoro, a tool that will scan your machine and identify what the fault is.
Click here to download and start repairing.

We are going to take a closer look at the patches released in October 2022 and rank them by severity, type, and active exploitation status.

CVE Title Severity CVSS Public Exploited Type
CVE-2022-41033 Windows COM+ Event System Service Elevation of Privilege Vulnerability Important 7.8 No Yes EoP
CVE-2022-41043 Microsoft Office Information Disclosure Vulnerability Important 4 Yes No Info
CVE-2022-37976 Active Directory Certificate Services Elevation of Privilege Vulnerability Critical 8.8 No No EoP
CVE-2022-37968 Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability Critical 10 No No EoP
CVE-2022-38049 Microsoft Office Graphics Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2022-38048 Microsoft Office Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2022-41038 Microsoft SharePoint Server Remote Code Execution Vulnerability Critical 8.8 No No RCE
CVE-2022-34689 Windows CryptoAPI Spoofing Vulnerability Critical 7.5 No No Spoofing
CVE-2022-41031 Microsoft Word Remote Code Execution Vulnerability Critical 7.8 No No RCE
CVE-2022-37979 Windows Hyper-V Elevation of Privilege Vulnerability Critical 7.8 No No EoP
CVE-2022-30198 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-24504 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-33634 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-22035 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-38047 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-38000 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-41081 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Critical 8.1 No No RCE
CVE-2022-38042 Active Directory Domain Services Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2022-38021 Connected User Experiences and Telemetry Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2022-38036 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-37977 Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important 6.5 No No DoS
CVE-2022-37983 Microsoft DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-38040 Microsoft ODBC Driver Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-38001 Microsoft Office Spoofing Vulnerability Important 6.5 No No Spoofing
CVE-2022-41036 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-41037 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-38053 Microsoft SharePoint Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-37982 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-38031 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability Important 8.8 No No RCE
CVE-2022-37971 Microsoft Windows Defender Elevation of Privilege Vulnerability Important 7.1 No No EoP
CVE-2022-41032 NuGet Client Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-38045 Server Service Remote Protocol Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2022-35829 Service Fabric Explorer Spoofing Vulnerability Important 6.2 No No Spoofing
CVE-2022-38017 StorSimple 8000 Series Elevation of Privilege Vulnerability Important 6.8 No No EoP
CVE-2022-41083 Visual Studio Code Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-41042 Visual Studio Code Information Disclosure Vulnerability Important 7.4 No No Info
CVE-2022-41034 Visual Studio Code Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-38046 Web Account Manager Information Disclosure Vulnerability Important 6.2 No No Info
CVE-2022-38050 Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37978 Windows Active Directory Certificate Services Security Feature Bypass Important 7.5 No No SFB
CVE-2022-38029 Windows ALPC Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2022-38044 Windows CD-ROM File System Driver Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-37989 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37987 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37980 Windows DHCP Client Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-38026 Windows DHCP Client Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-38025 Windows Distributed File System (DFS) Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-37970 Windows DWM Core Library Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37981 Windows Event Logging Service Denial of Service Vulnerability Important 4.3 No No DoS
CVE-2022-33635 Windows GDI+ Remote Code Execution Vulnerability Important 7.8 No No RCE
CVE-2022-38051 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37997 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37985 Windows Graphics Component Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-37975 Windows Group Policy Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37999 Windows Group Policy Preference Client Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37993 Windows Group Policy Preference Client Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37994 Windows Group Policy Preference Client Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37995 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37988 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-38037 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-38038 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37990 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-38039 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37991 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-38022 Windows Kernel Elevation of Privilege Vulnerability Important 2.5 No No EoP
CVE-2022-37996 Windows Kernel Memory Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-38016 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability Important 8.8 No No EoP
CVE-2022-37998 Windows Local Session Manager (LSM) Denial of Service Vulnerability Important 7.7 No No DoS
CVE-2022-37973 Windows Local Session Manager (LSM) Denial of Service Vulnerability Important 7.7 No No DoS
CVE-2022-37974 Windows Mixed Reality Developer Tools Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2022-35770 Windows NTLM Spoofing Vulnerability Important 6.5 No No Spoofing
CVE-2022-37965 Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability Important 5.9 No No DoS
CVE-2022-38032 Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability Important 5.9 No No SFB
CVE-2022-38028 Windows Print Spooler Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-38003 Windows Resilient File System Elevation of Privilege Important 7.8 No No EoP
CVE-2022-38041 Windows Secure Channel Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-38043 Windows Security Support Provider Interface Information Disclosure Vulnerability Important 5.5 No No Info
CVE-2022-38033 Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability Important 6.5 No No Info
CVE-2022-38027 Windows Storage Elevation of Privilege Vulnerability Important 7 No No EoP
CVE-2022-33645 Windows TCP/IP Driver Denial of Service Vulnerability Important 7.5 No No DoS
CVE-2022-38030 Windows USB Serial Driver Information Disclosure Vulnerability Important 4.3 No No Info
CVE-2022-37986 Windows Win32k Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-37984 Windows WLAN Service Elevation of Privilege Vulnerability Important 7.8 No No EoP
CVE-2022-38034 Windows Workstation Service Elevation of Privilege Vulnerability Important 4.3 No No EoP
CVE-2022-41035 Microsoft Edge (Chromium-based) Spoofing Vulnerability Moderate 8.3 No No Spoofing
CVE-2022-3304 Chromium: CVE-2022-3304 Use after free in CSS High N/A No No RCE
CVE-2022-3307 Chromium: CVE-2022-3307 Use after free in Media High N/A No No RCE
CVE-2022-3370 Chromium: CVE-2022-3370 Use after free in Custom Elements High N/A No No RCE
CVE-2022-3373 Chromium: CVE-2022-3373 Out of bounds write in V8 High N/A No No RCE
CVE-2022-3308 Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer Tools Medium N/A No No SFB
CVE-2022-3310 Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs Medium N/A No No SFB
CVE-2022-3311 Chromium: CVE-2022-3311 Use after free in Import Medium N/A No No RCE
CVE-2022-3313 Chromium: CVE-2022-3313 Incorrect security UI in Full Screen Medium N/A No No SFB
CVE-2022-3315 Chromium: CVE-2022-3315 Type confusion in Blink Medium N/A No No RCE
CVE-2022-3316 Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe Browsing Low N/A No No Spoofing
CVE-2022-3317 Chromium: CVE-2022-3317 Insufficient validation of untrusted input in Intents Low N/A No No Spoofing

This October 2022 patch release also includes fixes for 11 information disclosure bugs, including one in Office that’s listed as publicly known.

The rest of the info disclosure vulnerabilities only result in leaks consisting of unspecified memory contents, according to experts.

However, the bug in the Web Account Manager could allow an attacker to view unbound refresh tokens issued by one cloud on a different cloud.

Also, the patches for Visual Studio Code and the Mixed Reality Developer Tools fix disclosure bugs that could allow reading from the file system.

That being said, know that the final info disclosure bug fixed this month could allow reading from the HKLM hive of the registry which you normally would not have access to.

Furthermore, eight different DoS vulnerabilities were patched this month, the most interesting being the DoS in TCP/IP, which could be exploited by remote, unauthenticated attackers and does not require user interaction.

This update rollout is rounded out by five spoofing bugs, including the lone Moderate-rated fix, which addresses a spoofing vulnerability in Microsoft Edge (Chromium-based).

Looking forward, the next Patch Tuesday security update rollout will be on the 8th of November, which is a bit sooner than some expected it.

Have you found any other issues after installing this month’s security updates? Share your opinion in the comments section below.

Still having issues? Fix them with this tool:

SPONSORED

If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: