The Microsoft December 2022 security updates have been released and consist of 52 new CVEs. Of these CVEs, 6 are rated critical, 43 important, and 3 are rated moderate in severity. At the time of release, one is listed as publicly known and one as being in the wild.
The security updates apply to the following products, features, and roles: .NET Framework, Azure, Client Server Run-time Subsystem (CSRSS), Microsoft Bluetooth Driver, Microsoft Dynamics, Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft Office, Microsoft Office OneNote, Microsoft Office Outlook, Microsoft Office SharePoint, Microsoft Office Visio, Microsoft Windows Codecs Library, Role: Windows Hyper-V, SysInternals, Windows Certificates, Windows Contacts, Windows DirectX, Windows Error Reporting, Windows Fax Compose Form, Windows HTTP Print Provider, Windows Kernel, Windows PowerShell, Windows Print Spooler Components, Windows Projected File System, Windows Secure Socket Tunneling Protocol (SSTP), Windows SmartScreen, Windows Subsystem for Linux, and Windows Terminal.
See the list of KBs at the bottom of the page at December 2022 Security Updates - Release Notes - Security Update Guide - Microsoft for information regarding known issues with the security updates as well as the CVEs with FAQs, Mitigations and/or Workarounds.
Important:
As of December 13, 2022, all editions of Windows 10, version 21H1 have reached end of servicing. The December 2022 security update is the last update available for this version. Devices running this version will no longer receive monthly security and preview updates containing protections from the latest security threats.
Windows 8.1 will reach the end of support January 10, 2023. The December 13, 2022 security update will be the last update available for this version. After that date, devices running this version will no longer receive monthly security and quality updates.
Recommended Reading: See Dustin Childs review and analysis in Zero Day Initiative -- The November 2022 Security Update Review.
Additional Update Notes:
- MSRT -- The Malicious Software Removal Tool is now run on a quarterly basis rather than monthly. See Remove specific prevalent malware with Windows Malicious Software Removal Tool.
- Servicing Stack Updates -- Microsoft now combines the latest servicing stack update (SSU) for your operating system with the Latest Cumulative Updates (LCU). For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
- Windows updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows, in addition to non-security updates. The updates are also available via search for the KB number in the Microsoft Update Catalog.
- For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows 10 Home and Pro - Microsoft Lifecycle | Microsoft Docs and Windows 11 Home and Pro (Version 21H2) - Microsoft Lifecycle | Microsoft Docs.
- Windows Update History:
References
No comments:
Post a Comment