Security News

October 2022 Patch Tuesday is here, with fixes for 85 CVE-numbered vulnerabilities, including CVE-2022-41033, a vulnerability in Windows COM+ Event System Service that has been found being exploited in the wild.CVE-2022-41033 is an elevation of privilege vulnerability in the Windows COM+ Event System Service, which automatically distributs events to Component Object Model components.

Microsoft has released the Windows 11 22H2 KB5018427 cumulative update with security updates and thirty improvements and bug fixes. KB5018427 is a mandatory cumulative update containing the October 2022 Patch Tuesday security updates for vulnerabilities discovered in previous months.

Microsoft has released the Windows 10 KB5018410 and KB5018419 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1809 to fix security vulnerabilities and resolve twenty bugs and performance issues. This update is not available for Windows 10 1909 or Windows 10 2004.

Microsoft is now blocking the Windows 11 22H2 update from being offered on some systems because signing in using Windows Hello might not work after upgrading. As the company explains, customers will experience problems signing in via Windows Hello after installing the Windows 11 2022 Update only on devices that also use Enhanced Sign-in Security.

Microsoft has confirmed a new known issue causing customers to experience a significant performance hit when copying large files over SMB after installing the Windows 11 22H2 update. "There is a performance reduction in 22H2 when copying larger files from a remote computer down to a Windows 11 computer or when copying files on a local drive," explained Ned Pyle, Principal Program Manager in the Windows Server engineering group.

In yet another case of bring your own vulnerable driver attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security products rely to provide protection," Sophos threat researcher Andreas Klopsch said in a new technical write-up.

Microsoft says the Windows 11 2022 Update is breaking provisioning, leaving Windows 11 enterprise endpoints partially configured and failing to finish installing. "Using provisioning packages on Windows 11, version 22H2 might not work as expected," Redmond explained.

Microsoft is investigating user reports of issues with Remote Desktop on Windows 11 systems after installing the Windows 11 2022 Update. Installing the Windows 11 22H2 feature update will cause Remote Desktop clients not to connect, randomly disconnect, or freeze unexpectedly.

Microsoft says the Windows 11 2022 Update has a new deployment phase as it is now available to all seekers on eligible devices. "We are entering a new phase of the rollout for Windows 11, version 22H2 and we are increasing its availability to all who check for updates on eligible Windows devices," the company says on the Windows Health dashboard.

Microsoft has released the Windows 11 22H2 KB5017389 preview cumulative update with 30 fixes or improvements. This Windows 11 update is part of Microsoft's September 2022 monthly "C" update, allowing users to test upcoming fixes coming in the October 2022 Patch Tuesday.