Microsoft Security Bulletin Re-Releases/Advisories

February 2021 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET Core
• .NET Framework
• Azure IoT
• Developer Tools
• Microsoft Azure Kubernetes Service
• Microsoft Dynamics
• Microsoft Edge for Android
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Windows Codecs Library
• Role: DNS Server
• Role: Hyper-V
• Role: Windows Fax Service
• Skype for Business
• SysInternals
• System Center
• Visual Studio
• Windows Address Book
• Windows Backup Engine
• Windows Console Driver
• Windows Defender
• Windows DirectX
• Windows Event Tracing
• Windows Installer
• Windows Kernel
• Windows Mobile Device Management
• Windows Network File System
• Windows PFX Encryption
• Windows PKU2U
• Windows PowerShell
• Windows Print Spooler Components
• Windows Remote Procedure Call
• Windows TCP/IP
• Windows Trust Verification API

Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-1722
• CVE-2021-1726
• CVE-2021-1728
• CVE-2021-1730
• CVE-2021-1731
• CVE-2021-1733
• CVE-2021-1734
• CVE-2021-24066
• CVE-2021-24067
• CVE-2021-24068
• CVE-2021-24069
• CVE-2021-24070
• CVE-2021-24071
• CVE-2021-24074
• CVE-2021-24076
• CVE-2021-24077
• CVE-2021-24078
• CVE-2021-24079
• CVE-2021-24084
• CVE-2021-24085
• CVE-2021-24086
• CVE-2021-24087
• CVE-2021-24092
• CVE-2021-24093
• CVE-2021-24094
• CVE-2021-24098
• CVE-2021-24100
• CVE-2021-24101
• CVE-2021-24105
• CVE-2021-24106
• CVE-2021-24109
• CVE-2021-24112
• CVE-2021-24114
• CVE-2021-25195
• CVE-2021-26700
• CVE-2021-26701

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4493194 SharePoint Server 2019
4493195 SharePoint Enterprise Server 2016
4493210 SharePoint Foundation 2013
4493223 SharePoint Foundation 2010
4571787 Exchange Server 2019
4600944 Security and Quality Rollup for .NET Framework 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1
4600945 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2
4600957 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012
4601048 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2
4601050 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 2004, Windows Server, version 2004, Windows 10, version 20H2, and Windows Server, version 20H2
4601051 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016
4601052 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703
4601054 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803
4601055 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019
4601056 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1909, and Windows Server, version 1909
4601057 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012
4601058 Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2
4601060 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server, version 2019
4601315 Windows 10, Version 1909, Windows Server, Version 1909
4601318 Windows 10, Version 1607, Windows Server 2016
4601319 Windows 10, version 2004
4601345 Windows 10, Version 1809, Windows Server 2019
4601347 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
4601348 Windows Server 2012 (Monthly Rollup)
4601349 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)
4601357 Windows Server 2012 (Security-only update)
4601360 Windows Server 2008 (Monthly Rollup)
4601363 Windows 7, Windows Server 2008 R2 (Security-only update)
4601366 Windows Server 2008 (Security-only update)
4601384 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
4601887 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019
4602269 Exchange Server 2019, Exchange Server 2016
4603002 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1
4603003 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012
4603004 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2
4603005 Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2
https://msrc.microsoft.com/update-guide/releaseNote/2021-Feb

 

March 2021 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• Application Virtualization
• Azure
• Azure DevOps
• Azure Sphere
• Internet Explorer
• Microsoft ActiveX
• Microsoft Exchange Server
• Microsoft Edge (Chromium-based)
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office PowerPoint
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Windows Codecs Library
• Power BI
• Role: DNS Server
• Role: Hyper-V
• Visual Studio
• Visual Studio Code
• Windows Admin Center
• Windows Container Execution Agent
• Windows DirectX
• Windows Error Reporting
• Windows Event Tracing
• Windows Extensible Firmware Interface
• Windows Folder Redirection
• Windows Installer
• Windows Media
• Windows Overlay Filter
• Windows Print Spooler Components
• Windows Projected File System Filter Driver
• Windows Registry
• Windows Remote Access API
• Windows Storage Spaces Controller
• Windows Update Assistant
• Windows Update Stack
• Windows UPnP Device Host
• Windows User Profile Service
• Windows WalletService
• Windows Win32K

Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Please see the following for more information on the Microsoft Exchange Server Vulnerabilities:

• MSRC Blog
• Hafnium Targeting Exchange
• Microsoft on the Issues
• Exchange Team Blog
• March 8 Exchange Team Blog
• Microsoft Exchange Server Vulnerabilities Mitigations

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-1640
• CVE-2021-24089
• CVE-2021-24104
• CVE-2021-24107
• CVE-2021-24108
• CVE-2021-24110
• CVE-2021-26411
• CVE-2021-26855
• CVE-2021-26857
• CVE-2021-26858
• CVE-2021-26859
• CVE-2021-26867
• CVE-2021-26869
• CVE-2021-26877
• CVE-2021-26884
• CVE-2021-26887
• CVE-2021-26893
• CVE-2021-26894
• CVE-2021-26895
• CVE-2021-26896
• CVE-2021-26897
• CVE-2021-26902
• CVE-2021-27047
• CVE-2021-27048
• CVE-2021-27049
• CVE-2021-27050
• CVE-2021-27051
• CVE-2021-27052
• CVE-2021-27054
• CVE-2021-27055
• CVE-2021-27056
• CVE-2021-27057
• CVE-2021-27058
• CVE-2021-27059
• CVE-2021-27061
• CVE-2021-27062
• CVE-2021-27063
• CVE-2021-27065
• CVE-2021-27067
• CVE-2021-27074
• CVE-2021-27075
• CVE-2021-27076
• CVE-2021-27080
• CVE-2021-27082

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5000802 Windows 10, Version 2004, Windows Server, Version 2004
5000803 Windows 10, Version 1607, Windows Server 2016
5000808 Windows 10, Version 1909, Windows Server, Version 1909
5000822 Windows 10, Version 1809, Windows Server 2019
5000840 Windows Server 2012 (Security-only update)
5000841 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5000844 Windows Server 2008 (Monthly Rollup)
5000847 Windows Server 2012 (Monthly Rollup)
5000848 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
5000851 Windows 7, Windows Server 2008 R2 (Security-only update)
5000853 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)
5000856 Windows Server 2008 (Security-only update)
5000871 Microsoft Exchange Server 2019, 2016 and 2013
5000978 Microsoft Exchange Server 2010
Released: Mar 9, 2021
March 2021 Security Updates - Release Notes - Security Update Guide - Microsoft

 

April 2021 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• Azure AD Web Sign-in
• Azure DevOps
• Azure Sphere
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Internet Messaging API
• Microsoft NTFS
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Microsoft Windows Speech
• Open Source Software
• Role: DNS Server
• Role: Hyper-V
• Visual Studio
• Visual Studio Code
• Visual Studio Code - GitHub Pull Requests and Issues Extension
• Visual Studio Code - Kubernetes Tools
• Visual Studio Code - Maven for Java Extension
• Windows Application Compatibility Cache
• Windows AppX Deployment Extensions
• Windows Console Driver
• Windows Diagnostic Hub
• Windows Early Launch Antimalware Driver
• Windows ELAM
• Windows Event Tracing
• Windows Installer
• Windows Kernel
• Windows Media Player
• Windows Network File System
• Windows Overlay Filter
• Windows Portmapping
• Windows Registry
• Windows Remote Procedure Call Runtime
• Windows Resource Manager
• Windows Secure Kernel Mode
• Windows Services and Controller App
• Windows SMB Server
• Windows TCP/IP
• Windows Win32K
• Windows WLAN Auto Config Service

Please note the following information regarding the security updates:

Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-21194
• CVE-2021-21195
• CVE-2021-21196
• CVE-2021-21197
• CVE-2021-21198
• CVE-2021-21199
• CVE-2021-26416
• CVE-2021-26417
• CVE-2021-27067
• CVE-2021-27079
• CVE-2021-27093
• CVE-2021-27095
• CVE-2021-28309
• CVE-2021-28315
• CVE-2021-28317
• CVE-2021-28318
• CVE-2021-28323
• CVE-2021-28324
• CVE-2021-28325
• CVE-2021-28328
• CVE-2021-28435
• CVE-2021-28437
• CVE-2021-28441
• CVE-2021-28442
• CVE-2021-28444
• CVE-2021-28446
• CVE-2021-28449
• CVE-2021-28451
• CVE-2021-28452
• CVE-2021-28453
• CVE-2021-28454
• CVE-2021-28456
• CVE-2021-28460
• CVE-2021-28464
• CVE-2021-28466
• CVE-2021-28468
• CVE-2021-28480
• CVE-2021-28481
• CVE-2021-28482
• CVE-2021-28483

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
4504715 SharePoint Server 2019 Language Pack
4504716 SharePoint Server 2019
5001330 Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2
5001332 Windows Server 2008 (Security-only update)
5001335 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5001337 Windows 10, Version 1909, Windows Server, Version 1909
5001342 Windows 10, Version 1809, Windows Server 2019
5001347 Windows 10, Version 1607, Windows Server 2016
5001382 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
5001383 Windows Server 2012 (Security-only update)
5001387 Windows Server 2012 (Monthly Rollup)
5001389 Windows Server 2008 (Monthly Rollup)
5001392 Windows 7, Windows Server 2008 R2 (Security-only update)
5001393 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)
5001779 Microosft Exchange Server 2019, 2016, 2013

April 2021 Security Updates - Release Notes - Security Update Guide - Microsoft

 

May 2021 Security Updates


Updates this Month



This release consists of security updates for the following products, features and roles.

• .NET Core & Visual Studio
  
  
• HTTP.sys
  
  
• Internet Explorer
  
  
• Microsoft Accessibility Insights for Web
  
  
• Microsoft Bluetooth Driver
  
  
• Microsoft Dynamics Finance & Operations
  
  
• Microsoft Exchange Server
  
  
• Microsoft Graphics Component
  
  
• Microsoft Office
  
  
• Microsoft Office Access
  
  
• Microsoft Office Excel
  
  
• Microsoft Office SharePoint
  
  
• Microsoft Office Word
  
  
• Microsoft Windows Codecs Library
  
  
• Microsoft Windows IrDA
  
  
• Open Source Software
  
  
• Role: Hyper-V
  
  
• Skype for Business and Microsoft Lync
  
  
• Visual Studio
  
  
• Visual Studio Code
  
  
• Windows Container Isolation FS Filter Driver
  
  
• Windows Container Manager Service
  
  
• Windows Cryptographic Services
  
  
• Windows CSC Service
  
  
• Windows Desktop Bridge
  
  
• Windows OLE
  
  
• Windows Projected File System FS Filter
  
  
• Windows RDP Client
  
  
• Windows SMB
  
  
• Windows SSDP Service
  
  
• Windows WalletService
  
  
• Windows Wireless Networking
  

Please note the following information regarding the security updates:



Security Update Guide Blog Posts

Date Blog Post

February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020 Security Update Guide: Let’s keep the conversation going

November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
  
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  
  
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
  
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
  

FAQs, Mitigations, and Workarounds

The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2020-24587
  
  
• CVE-2021-1720
  
  
• CVE-2021-26419
  
  
• CVE-2021-28455
  
  
• CVE-2021-28465
  
  
• CVE-2021-28474
  
  
• CVE-2021-28479
  
  
• CVE-2021-31166
  
  
• CVE-2021-31171
  
  
• CVE-2021-31173
  
  
• CVE-2021-31174
  
  
• CVE-2021-31175
  
  
• CVE-2021-31176
  
  
• CVE-2021-31177
  
  
• CVE-2021-31178
  
  
• CVE-2021-31179
  
  
• CVE-2021-31180
  
  
• CVE-2021-31184
  
  
• CVE-2021-31186
  
  
• CVE-2021-31191
  
  
• CVE-2021-31205
  
  
• CVE-2021-31206
  
  
• CVE-2021-31207
  
  
• CVE-2021-31209
  
  
• CVE-2021-31211
  
  
• CVE-2021-31213
  
  
• CVE-2021-31214
  
  
• CVE-2021-31936
  

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.



For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).



KB Article Applies To

5003169 Windows 10, Version 1909, Windows Server, Version 1909

5003171 Windows 10, Version 1809, Windows Server 2019

5003173 Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2

5003197 Windows 10, Version 1607, Windows Server 2016

5003203 Windows Server 2012 (Security-only update)

5003208 Windows Server 2012 (Monthly Rollup)

5003209 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

5003210 Windows Server 2008 SP2 (Monthly Rollup)

5003220 Windows 8.1 Windows Server 2012 R2 (Security-only update)

5003225 Windows Server 2008 SP2 (Security-only update)

5003228 Windows 7 SP2, Windows Server 2008 R2 (Security-only update)

5003233 Windows 7 SP2, Windows Server 2008 R2 (Monthly Rollup)

5003435 Exchange Server 2019, 2016, and 2013



May 2021 Security Updates - Release Notes - Security Update Guide - Microsoft

 

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: May 27, 2021
**************************************************************************************

Summary
=======

The following CVEs have been released on May 27, 2021.

* CVE-2021-31982
* CVE-2021-31937

- CVE-2021-31937 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31937
- Version 1.0
- Reason for Revision: Information published.
- Originally posted: May 27, 2021
- Updated: N/A
- Aggregate CVE Severity Rating: Important


- CVE-2021-31982 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31982
- Version 1.0
- Reason for Revision: Information published.
- Originally posted: May 27, 2021
- Updated: N/A
- Aggregate CVE Severity Rating: Important


The following CVEs were assigned by Chrome. Microsoft Edge
(Chromium-based) ingests Chromium, which addresses these vulnerabilities. Please see
Google Chrome Releases (https://chromereleases.googleblog.com/2021) for more information.

See
https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/
for more information about third-party CVEs in the Security Update Guide.

* CVE-2021-30521
* CVE-2021-30522
* CVE-2021-30523
* CVE-2021-30524
* CVE-2021-30525
* CVE-2021-30526
* CVE-2021-30527
* CVE-2021-30528
* CVE-2021-30529
* CVE-2021-30530
* CVE-2021-30531
* CVE-2021-30532
* CVE-2021-30533
* CVE-2021-30534
* CVE-2021-30535
* CVE-2021-30536
* CVE-2021-30537
* CVE-2021-30538
* CVE-2021-30539
* CVE-2021-30540

Revision Information:
=====================

- Version 1.0
- Reason for Revision: Information published.
- Originally posted: May 27, 2021

 

June 2021 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET Core & Visual Studio
• 3D Viewer
• Microsoft DWM Core Library
• Microsoft Intune
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Office SharePoint
• Microsoft Scripting Engine
• Microsoft Windows Codecs Library
• Paint 3D
• Role: Hyper-V
• Visual Studio Code - Kubernetes Tools
• Windows Bind Filter Driver
• Windows Common Log File System Driver
• Windows Cryptographic Services
• Windows DCOM Server
• Windows Defender
• Windows Drivers
• Windows Event Logging Service
• Windows Filter Manager
• Windows HTML Platform
• Windows Installer
• Windows Kerberos
• Windows Kernel
• Windows Kernel-Mode Drivers
• Windows Network File System
• Windows NTFS
• Windows NTLM
• Windows Print Spooler Components
• Windows Remote Desktop
• Windows TCP/IP

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-26414
• CVE-2021-31199
• CVE-2021-31201
• CVE-2021-31938
• CVE-2021-31939
• CVE-2021-31940
• CVE-2021-31941
• CVE-2021-31942
• CVE-2021-31943
• CVE-2021-31944
• CVE-2021-31945
• CVE-2021-31946
• CVE-2021-31949
• CVE-2021-31955
• CVE-2021-31956
• CVE-2021-31958
• CVE-2021-31959
• CVE-2021-31960
• CVE-2021-31962
• CVE-2021-31965
• CVE-2021-31967
• CVE-2021-31971
• CVE-2021-31972
• CVE-2021-31975
• CVE-2021-31976
• CVE-2021-31977
• CVE-2021-31978
• CVE-2021-31980
• CVE-2021-31983
• CVE-2021-31985
• CVE-2021-33739
• CVE-2021-33741
• CVE-2021-33742

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5001944 SharePoint Server 2019
5001946 SharePoint Enterprise Server 2016
5001962 SharePoint Foundation 2013
5003635 Windows 10, Version 1909
5003637 Windows 10, version 21H1, Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2
5003646 Windows 10, Version 1809, Windows Server 2019
5003661 Windows Server 2008 Service Pack 2 ((Monthly Rollup)
5003667 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
5003671 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5003681 Windows 8.1, Windows Server 2012 R2 (Security-only update)
5003694 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
5003695 Windows Server 2008 Service Pack 2 (Security-only update)
5003696 Windows Server 2012 (Security-only update)
5003697 Windows Server 2012 (Monthly Rollup)

June 2021 Security Updates - Release Notes - Security Update Guide - Microsoft

 

July 2021 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• Common Internet File System
• Dynamics Business Central Control
• Microsoft Bing
• Microsoft Dynamics
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Scripting Engine
• Microsoft Windows Codecs Library
• Microsoft Windows DNS
• Microsoft Windows Media Foundation
• OpenEnclave
• Power BI
• Role: DNS Server
• Role: Hyper-V
• Visual Studio Code
• Visual Studio Code - .NET Runtime
• Visual Studio Code - Maven for Java Extension
• Windows Active Directory
• Windows Address Book
• Windows AF_UNIX Socket Provider
• Windows AppContainer
• Windows AppX Deployment Extensions
• Windows Authenticode
• Windows Cloud Files Mini Filter Driver
• Windows Console Driver
• Windows Defender
• Windows Desktop Bridge
• Windows Event Tracing
• Windows File History Service
• Windows Hello
• Windows HTML Platform
• Windows Installer
• Windows Kernel
• Windows Key Distribution Center
• Windows Local Security Authority Subsystem Service
• Windows MSHTML Platform
• Windows Partition Management Driver
• Windows PFX Encryption
• Windows Print Spooler Components
• Windows Projected File System
• Windows Remote Access Connection Manager
• Windows Remote Assistance
• Windows Secure Kernel Mode
• Windows Security Account Manager
• Windows Shell
• Windows SMB
• Windows Storage Spaces Controller
• Windows TCP/IP
• Windows Win32K

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-31206
• CVE-2021-31947
• CVE-2021-31961
• CVE-2021-33749
• CVE-2021-33750
• CVE-2021-33752
• CVE-2021-33753
• CVE-2021-33756
• CVE-2021-33757
• CVE-2021-33760
• CVE-2021-33763
• CVE-2021-33764
• CVE-2021-33767
• CVE-2021-33768
• CVE-2021-33775
• CVE-2021-33776
• CVE-2021-33777
• CVE-2021-33778
• CVE-2021-33783
• CVE-2021-34440
• CVE-2021-34447
• CVE-2021-34451
• CVE-2021-34452
• CVE-2021-34454
• CVE-2021-34457
• CVE-2021-34458
• CVE-2021-34464
• CVE-2021-34469
• CVE-2021-34470
• CVE-2021-34474
• CVE-2021-34491
• CVE-2021-34496
• CVE-2021-34497
• CVE-2021-34500
• CVE-2021-34501
• CVE-2021-34507
• CVE-2021-34509
• CVE-2021-34518
• CVE-2021-34519
• CVE-2021-34521
• CVE-2021-34522
• CVE-2021-34527

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5004237 Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2, Windows 10, Version 21H1
5004244 Windows 10, Version 1809, Windows Server 2019
5004285 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)
5004289 Windows 7 SP1, Windows Server 2008 R2 SP1 (Monthly Rollup)
5004294 Windows Server 2012 (Monthly Rollup)
5004298 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
5004299 Windows Server 2008 SP2 (Security-only update)
5004302 Windows Server 2012 (Security-only update)
5004305 Windows Server 2008 SP2 (Monthly Rollup)
5004307 Windows 7 SP1, Windows Server 2008 R2 SP1(Security-only update)
5004778 Exchange Server 2013
5004779 Exchange Server 2016
5004780 Exchange Server 2019

https://msrc.microsoft.com/update-guide/releaseNote/2021-Jul

 

August 2021 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET Core & Visual Studio
• ASP .NET
• Azure
• Azure Sphere
• Microsoft Azure Active Directory Connect
• Microsoft Dynamics
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft Scripting Engine
• Microsoft Windows Codecs Library
• Remote Desktop Client
• Windows Bluetooth Service
• Windows Cryptographic Services
• Windows Defender
• Windows Event Tracing
• Windows Media
• Windows MSHTML Platform
• Windows NTLM
• Windows Print Spooler Components
• Windows Services for NFS ONCRPC XDR Driver
• Windows Storage Spaces Controller
• Windows TCP/IP
• Windows Update
• Windows Update Assistant
• Windows User Profile Service

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-26428
• CVE-2021-26429
• CVE-2021-26430
• CVE-2021-26433
• CVE-2021-34478
• CVE-2021-34485
• CVE-2021-34532
• CVE-2021-36926
• CVE-2021-36932
• CVE-2021-36933
• CVE-2021-36938
• CVE-2021-36941
• CVE-2021-36949

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5005030 Windows 10, Version 1809, Windows Server 2019
5005031 Windows 10, Version 1909
5005033 Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2, Windows 10, Version 21H1
5005040 Windows 10
5005076 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
5005088 Windows 7 SP1, Windows Server 2008 R2 SP1 (Monthly Rollup)
5005089 Windows 7 SP1, Windows Server 2008 R2 SP1 (Security-only update)
5005090 Windows Server 2008 SP2 (Monthly Rollup)
5005094 Windows Server 2012 (Security-only update)
5005095 Windows Server 2008 SP2 (Security-only update)
5005099 Windows Server 2012 (Monthly Rollup)
5005106 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)

Released: Aug 10, 2021
August 2021 Security Updates - Release Notes - Security Update Guide - Microsoft

 

September 2021 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• Azure Open Management Infrastructure
• Azure Sphere
• Dynamics Business Central Control
• Microsoft Accessibility Insights for Android
• Microsoft Edge (Chromium-based)
• Microsoft Edge for Android
• Microsoft MPEG-2 Video Extension
• Microsoft Office
• Microsoft Office Access
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Microsoft Windows DNS
• Visual Studio
• Windows Ancillary Function Driver for WinSock
• Windows Authenticode
• Windows Bind Filter Driver
• Windows BitLocker
• Windows Common Log File System Driver
• Windows Event Tracing
• Windows Installer
• Windows Kernel
• Windows Key Storage Provider
• Windows MSHTML Platform
• Windows Print Spooler Components
• Windows Redirected Drive Buffering
• Windows Scripting
• Windows SMB
• Windows Storage
• Windows Subsystem for Linux
• Windows TDX.sys
• Windows Update
• Windows Win32K
• Windows WLAN Auto Config Service
• Windows WLAN Service

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-26435
• CVE-2021-30606
• CVE-2021-30607
• CVE-2021-30608
• CVE-2021-30609
• CVE-2021-30610
• CVE-2021-30611
• CVE-2021-30612
• CVE-2021-30613
• CVE-2021-30614
• CVE-2021-30615
• CVE-2021-30616
• CVE-2021-30617
• CVE-2021-30618
• CVE-2021-30619
• CVE-2021-30620
• CVE-2021-30621
• CVE-2021-30622
• CVE-2021-30623
• CVE-2021-30624
• CVE-2021-36956
• CVE-2021-36960
• CVE-2021-36962
• CVE-2021-36969
• CVE-2021-36972
• CVE-2021-38624
• CVE-2021-38629
• CVE-2021-38632
• CVE-2021-38635
• CVE-2021-38636
• CVE-2021-38637
• CVE-2021-38644
• CVE-2021-38645
• CVE-2021-38646
• CVE-2021-38647
• CVE-2021-38648
• CVE-2021-38649
• CVE-2021-38650
• CVE-2021-38654
• CVE-2021-38655
• CVE-2021-38656
• CVE-2021-38657
• CVE-2021-38658
• CVE-2021-38659
• CVE-2021-38660
• CVE-2021-38661
• CVE-2021-38667
• CVE-2021-38669
• CVE-2021-40448

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5005565 Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2
5005568 Windows 10, Version 1809
5005606 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5005607 Windows Server 2012 (Security-only update)
5005613 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
5005615 Windows 7, Windows Server 2008 R2 (Security-only update)
5005618 Windows Server 2008 (Security-only update)
5005623 Windows Server 2012 (Monthly Rollup)
5005627 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)
5005633 Windows 7, Windows Server 2008 R2 (Monthly Rollup)

Released: Sep 14, 2021
https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep

 

October 2021 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET Core & Visual Studio
• Active Directory Federation Services
• Console Window Host
• HTTP.sys
• Microsoft DWM Core Library
• Microsoft Dynamics
• Microsoft Dynamics 365 Sales
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Intune
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft Windows Codecs Library
• Rich Text Edit Control
• Role: DNS Server
• Role: Windows Active Directory Server
• Role: Windows AD FS Server
• Role: Windows Hyper-V
• System Center
• Visual Studio
• Windows AppContainer
• Windows AppX Deployment Service
• Windows Bind Filter Driver
• Windows Cloud Files Mini Filter Driver
• Windows Common Log File System Driver
• Windows Desktop Bridge
• Windows DirectX
• Windows Event Tracing
• Windows exFAT File System
• Windows Fastfat Driver
• Windows Installer
• Windows Kernel
• Windows MSHTML Platform
• Windows Nearby Sharing
• Windows Network Address Translation (NAT)
• Windows Print Spooler Components
• Windows Remote Procedure Call Runtime
• Windows Storage Spaces Controller
• Windows TCP/IP
• Windows Text Shaping
• Windows Win32K

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• IMPORTANT ANNOUNCEMENT: In the coming months we will be moving to a new, more user-friendly and flexible system for delivering Microsoft Technical Security Notifications. Upcoming information about how you can sign up for and receive these Technical Security Notifications will be coming soon.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2020-1971
• CVE-2021-26427
• CVE-2021-26441
• CVE-2021-3449
• CVE-2021-3450
• CVE-2021-37974
• CVE-2021-37975
• CVE-2021-37976
• CVE-2021-38662
• CVE-2021-38663
• CVE-2021-38672
• CVE-2021-40454
• CVE-2021-40456
• CVE-2021-40457
• CVE-2021-40460
• CVE-2021-40468
• CVE-2021-40469
• CVE-2021-40471
• CVE-2021-40472
• CVE-2021-40473
• CVE-2021-40474
• CVE-2021-40475
• CVE-2021-40479
• CVE-2021-40480
• CVE-2021-40481
• CVE-2021-40482
• CVE-2021-40485
• CVE-2021-40486
• CVE-2021-40487
• CVE-2021-40489
• CVE-2021-41332
• CVE-2021-41336
• CVE-2021-41337
• CVE-2021-41342
• CVE-2021-41343
• CVE-2021-41352
• CVE-2021-41355
• CVE-2021-41361
• CVE-2021-41363

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5006670 Windows 10, Version 20H2
5006672 Windows 10, Version 1809, Windows Server 2019
5006714 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Monthly Rollup)
5006715 Windows Server 2008 SP2 (Security-only update)
5006728 Windows 7, Windows Server 2008 R2 (Security-only update)
5006729 Windows 8.1, Windows RT 8.1, Windows Server 2012 R2 (Security-only update)
5006732 Windows Server 2012 (Security-only update)
5006736 Windows Server 2008 SP2 (Monthly Rollup)
5006739 Windows Server 2012 (Monthly Rollup)
5006743 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5007011 Exchange Server 2013
5007012 Exchange Server 2016, Exchange Server 2019
Released: Oct 12, 2021

https://msrc.microsoft.com/update-guide/releaseNote/2021-Oct

 

November 2021 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• 3D Viewer
• Azure
• Azure RTOS
• Azure Sphere
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Edge (Chromium-based) in IE Mode
• Microsoft Exchange Server
• Microsoft Office
• Microsoft Office Access
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft Windows
• Microsoft Windows Codecs Library
• Power BI
• Role: Windows Hyper-V
• Visual Studio
• Visual Studio Code
• Windows Active Directory
• Windows COM
• Windows Core Shell
• Windows Cred SSProvider Protocol
• Windows Defender
• Windows Desktop Bridge
• Windows Diagnostic Hub
• Windows Fastfat Driver
• Windows Feedback Hub
• Windows Hello
• Windows Installer
• Windows Kernel
• Windows NTFS
• Windows RDP
• Windows Scripting
• Windows Virtual Machine Bus

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-26443
• CVE-2021-26444
• CVE-2021-3711
• CVE-2021-38631
• CVE-2021-38665
• CVE-2021-38666
• CVE-2021-40442
• CVE-2021-41368
• CVE-2021-41371
• CVE-2021-41373
• CVE-2021-41374
• CVE-2021-41375
• CVE-2021-41376
• CVE-2021-41379
• CVE-2021-42275
• CVE-2021-42277
• CVE-2021-42278
• CVE-2021-42280
• CVE-2021-42282
• CVE-2021-42284
• CVE-2021-42287
• CVE-2021-42291
• CVE-2021-42292
• CVE-2021-42296
• CVE-2021-42298
• CVE-2021-42300
• CVE-2021-42301
• CVE-2021-42302
• CVE-2021-42303
• CVE-2021-42304
• CVE-2021-42321
• CVE-2021-42323
• CVE-2021-43208
• CVE-2021-43209

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5007186 Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2, Windows 10, Version 21H1, Windows Server, Version 21H1
5007189 Windows 10, Version 1909
5007192 Windows 10, Version 1607, Windows Server 2016
5007205 Windows Server 2022
5007206 Windows 10, Version 1809, Windows Server 2019
5007207 Windows 10
5007233 Windows 7, Windows Server 2008 R2 (Security-only update)
5007236 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5007245 Windows Server 2012 (Security-only update)
5007246 Windows Server 2008 (Security-only update)
5007247 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5007255 Windows 8.1, Windows Server 2012 R2 (Security-only update)
5007260 Windows Server 2012 (Monthly Rollup)
5007263 Windows Server 2008 (Monthly Rollup)
5007409 Exchange Server
Released: 9 Nov 2021

https://msrc.microsoft.com/update-guide/releaseNote/2021-Nov

 

December 2021 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• Apps
• ASP.NET Core & Visual Studio
• Azure Bot Framework SDK
• BizTalk ESB Toolkit
• Internet Storage Name Service
• Microsoft Defender for IoT
• Microsoft Devices
• Microsoft Edge (Chromium-based)
• Microsoft Local Security Authority Server (lsasrv)
• Microsoft Message Queuing
• Microsoft Office
• Microsoft Office Access
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft PowerShell
• Microsoft Windows Codecs Library
• Office Developer Platform
• Remote Desktop Client
• Role: Windows Fax Service
• Role: Windows Hyper-V
• Visual Studio Code
• Visual Studio Code - WSL Extension
• Windows Common Log File System Driver
• Windows Digital TV Tuner
• Windows DirectX
• Windows Encrypting File System (EFS)
• Windows Event Tracing
• Windows Installer
• Windows Kernel
• Windows Media
• Windows Mobile Device Management
• Windows NTFS
• Windows Print Spooler Components
• Windows Remote Access Connection Manager
• Windows Storage
• Windows Storage Spaces Controller
• Windows SymCrypt
• Windows TCP/IP
• Windows Update Stack

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-40452
• CVE-2021-40453
• CVE-2021-4052
• CVE-2021-4053
• CVE-2021-4054
• CVE-2021-4055
• CVE-2021-4056
• CVE-2021-4057
• CVE-2021-4058
• CVE-2021-4059
• CVE-2021-4061
• CVE-2021-4062
• CVE-2021-4063
• CVE-2021-4064
• CVE-2021-4065
• CVE-2021-4066
• CVE-2021-4067
• CVE-2021-4068
• CVE-2021-41360
• CVE-2021-41365
• CVE-2021-42293
• CVE-2021-42294
• CVE-2021-42295
• CVE-2021-42309
• CVE-2021-42310
• CVE-2021-42311
• CVE-2021-42312
• CVE-2021-42313
• CVE-2021-42314
• CVE-2021-42315
• CVE-2021-43216
• CVE-2021-43217
• CVE-2021-42320
• CVE-2021-43214
• CVE-2021-43215
• CVE-2021-43217
• CVE-2021-43222
• CVE-2021-43224
• CVE-2021-43227
• CVE-2021-43235
• CVE-2021-43236
• CVE-2021-43243
• CVE-2021-43244
• CVE-2021-43255
• CVE-2021-43256
• CVE-2021-43875
• CVE-2021-43880
• CVE-2021-43882
• CVE-2021-43888
• CVE-2021-43889
• CVE-2021-43890
• CVE-2021-43899
• CVE-2021-43905

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5008207 Windows 10, Version 1607, Windows Server 2016
5008212 Windows 10, Version 2004, Windows Server, Version 2004, Windows 10, Version 20H2, Windows Server, Version 20H2, Windows 10, Version 21H1
5008218 Windows 10, Version 1809, Windows Server 2019
5008223 Windows Server 2022
5008244 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5008255 Windows Server 2012 (Security-only update)
5008263 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5008271 Windows Server 2008 (Security-only update)
5008274 Windows Server 2008 (Monthly Rollup)
5008277 Windows Server 2012 (Monthly Rollup)
5008282 Windows 7, Windows Server 2008 R2 (Security-only update)
5008285 Windows 8.1, Windows Server 2012 R2 (Security-only update)

Released: Dec 14, 2021


December 2021 Security Updates - Release Notes - Security Update Guide - Microsoft

 

January 2022 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET Framework
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft Teams
• Microsoft Windows Codecs Library
• Open Source Software
• Role: Windows Hyper-V
• Tablet Windows User Interface
• Windows Account Control
• Windows Active Directory
• Windows AppContracts API Server
• Windows Application Model
• Windows BackupKey Remote Protocol
• Windows Bind Filter Driver
• Windows Certificates
• Windows Cleanup Manager
• Windows Clipboard User Service
• Windows Cluster Port Driver
• Windows Common Log File System Driver
• Windows Connected Devices Platform Service
• Windows Cryptographic Services
• Windows Defender
• Windows Devices Human Interface
• Windows Diagnostic Hub
• Windows DirectX
• Windows DWM Core Library
• Windows Event Tracing
• Windows Geolocation Service
• Windows HTTP Protocol Stack
• Windows IKE Extension
• Windows Installer
• Windows Kerberos
• Windows Kernel
• Windows Libarchive
• Windows Local Security Authority
• Windows Local Security Authority Subsystem Service
• Windows Modern Execution Server
• Windows Push Notifications
• Windows RDP
• Windows Remote Access Connection Manager
• Windows Remote Desktop
• Windows Remote Procedure Call Runtime
• Windows Resilient File System (ReFS)
• Windows Secure Boot
• Windows Security Center
• Windows StateRepository API
• Windows Storage
• Windows Storage Spaces Controller
• Windows System Launcher
• Windows Task Flow Data Engine
• Windows Tile Data Repository
• Windows UEFI
• Windows UI Immersive Server
• Windows User Profile Service
• Windows User-mode Driver Framework
• Windows Virtual Machine IDE Drive
• Windows Win32K
• Windows Workstation Service Remote Protocol

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: A Brand-New Notification System!
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2021-22947
• CVE-2021-36976
• CVE-2022-0096
• CVE-2022-0097
• CVE-2022-0098
• CVE-2022-0099
• CVE-2022-0100
• CVE-2022-0101
• CVE-2022-0102
• CVE-2022-0103
• CVE-2022-0104
• CVE-2022-0105
• CVE-2022-0106
• CVE-2022-0107
• CVE-2022-0108
• CVE-2022-0109
• CVE-2022-0110
• CVE-2022-0111
• CVE-2022-0112
• CVE-2022-0113
• CVE-2022-0114
• CVE-2022-0115
• CVE-2022-0116
• CVE-2022-0117
• CVE-2022-0118
• CVE-2022-0120
• CVE-2022-21836
• CVE-2022-21837
• CVE-2022-21838
• CVE-2022-21840
• CVE-2022-21841
• CVE-2022-21842
• CVE-2022-21843
• CVE-2022-21846
• CVE-2022-21848
• CVE-2022-21849
• CVE-2022-21850
• CVE-2022-21851
• CVE-2022-21855
• CVE-2022-21857
• CVE-2022-21876
• CVE-2022-21877
• CVE-2022-21880
• CVE-2022-21882
• CVE-2022-21883
• CVE-2022-21887
• CVE-2022-21889
• CVE-2022-21890
• CVE-2022-21892
• CVE-2022-21893
• CVE-2022-21900
• CVE-2022-21901
• CVE-2022-21904
• CVE-2022-21905
• CVE-2022-21907
• CVE-2022-21912
• CVE-2022-21914
• CVE-2022-21915
• CVE-2022-21917
• CVE-2022-21920
• CVE-2022-21922
• CVE-2022-21928
• CVE-2022-21929
• CVE-2022-21930
• CVE-2022-21931
• CVE-2022-21954
• CVE-2022-21958
• CVE-2022-21959
• CVE-2022-21960
• CVE-2022-21961
• CVE-2022-21962
• CVE-2022-21963
• CVE-2022-21964
• CVE-2022-21969
• CVE-2022-21970
• CVE-2022-22709

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5002109 SharePoint Server 2019 Core
5002111 SharePoint Server Subscription Edition Core
5002113 SharePoint Enterprise Server 2016
5002127 SharePoint Foundation 2013
5008631 Microsoft Exchange Server 2013, 2016, 2019
5009543 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
5009546 Windows 10, version 1607, Windows Server 2016
5009555 Windows Server 2022
5009557 Windows Server 2019
5009566 Windows 11
5009586 Windows Server 2012 (Monthly Rollup)
5009595 Windows 8.1, Windows Server 2012 R2 (Security-only update)
5009601 Windows Server 2008 (Security-only update)
5009610 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5009619 Windows Server 2012 (Security-only update)
5009621 Windows 7, Windows Server 2008 R2 (Security-only update)
5009624 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5009627 Windows Server 2008 (Monthly Rollup)

Released: Jan 11, 2022
January 2022 Security Updates - Release Notes - Security Update Guide - Microsoft

 

February 2022 Security Updates

Updates this Month



This release consists of security updates for the following products, features and roles.

• Azure Data Explorer
  
  
• Kestrel Web Server
  
  
• Microsoft Dynamics
  
  
• Microsoft Dynamics GP
  
  
• Microsoft Edge (Chromium-based)
  
  
• Microsoft Office
  
  
• Microsoft Office Excel
  
  
• Microsoft Office Outlook
  
  
• Microsoft Office SharePoint
  
  
• Microsoft Office Visio
  
  
• Microsoft OneDrive
  
  
• Microsoft Teams
  
  
• Microsoft Windows Codecs Library
  
  
• Power BI
  
  
• Roaming Security Rights Management Services
  
  
• Role: DNS Server
  
  
• Role: Windows Hyper-V
  
  
• SQL Server
  
  
• Visual Studio Code
  
  
• Windows Common Log File System Driver
  
  
• Windows DWM Core Library
  
  
• Windows Kernel
  
  
• Windows Kernel-Mode Drivers
  
  
• Windows Named Pipe File System
  
  
• Windows Print Spooler Components
  
  
• Windows Remote Access Connection Manager
  
  
• Windows Remote Procedure Call Runtime
  
  
• Windows User Account Profile
  
  
• Windows Win32K
  

Please note the following information regarding the security updates:



Security Update Guide Blog Posts

Date Blog Post

January 11, 2022 Coming Soon: New Security Update Guide Notification System

February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020 Security Update Guide: Let’s keep the conversation going

November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
  
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  
  
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
  
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
  

FAQs, Mitigations, and Workarounds

The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-0452
  
  
• CVE-2022-0453
  
  
• CVE-2022-0454
  
  
• CVE-2022-0455
  
  
• CVE-2022-0456
  
  
• CVE-2022-0457
  
  
• CVE-2022-0458
  
  
• CVE-2022-0459
  
  
• CVE-2022-0460
  
  
• CVE-2022-0461
  
  
• CVE-2022-0462
  
  
• CVE-2022-0463
  
  
• CVE-2022-0464
  
  
• CVE-2022-0465
  
  
• CVE-2022-0466
  
  
• CVE-2022-0467
  
  
• CVE-2022-0468
  
  
• CVE-2022-0469
  
  
• CVE-2022-0470
  
  
• CVE-2022-21844
  
  
• CVE-2022-21926
  
  
• CVE-2022-21927
  
  
• CVE-2022-21965
  
  
• CVE-2022-21968
  
  
• CVE-2022-21971
  
  
• CVE-2022-21974
  
  
• CVE-2022-21984
  
  
• CVE-2022-21985
  
  
• CVE-2022-21986
  
  
• CVE-2022-21987
  
  
• CVE-2022-21988
  
  
• CVE-2022-21989
  
  
• CVE-2022-21991
  
  
• CVE-2022-21992
  
  
• CVE-2022-21993
  
  
• CVE-2022-21995
  
  
• CVE-2022-21997
  
  
• CVE-2022-21998
  
  
• CVE-2022-22003
  
  
• CVE-2022-22004
  
  
• CVE-2022-22005
  
  
• CVE-2022-22709
  
  
• CVE-2022-22712
  
  
• CVE-2022-22716
  
  
• CVE-2022-22717
  
  
• CVE-2022-23252
  
  
• CVE-2022-23254
  
  
• CVE-2022-23255
  
  
• CVE-2022-23256
  
  
• CVE-2022-23261
  
  
• CVE-2022-23262
  
  
• CVE-2022-23263
  
  
• CVE-2022-23269
  
  
• CVE-2022-23272
  
  
• CVE-2022-23274
  
  
• CVE-2022-23276
  
  
• CVE-2022-23280
  

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.



For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).



KB Article Applies To

5010342 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2

5010351 Windows 10, version 1809, Windows Server 2019

5010354 Windows Server 2022

5010384 Windows Server 2008 (Monthly Rollup)

5010392 Windows Server 2012 (Monthly Rollup)

5010395 Windows 8.1, Windows Server 2012 R2 (Security-only update)

5010403 Windows Server 2008 (Security-only update)

5010404 Windows 7, Windows Server 2008 R2 (Monthly Rollup)

5010412 Windows Server 2012 (Security-only update)

5010419 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

5010422 Windows 7, Windows Server 2008 R2 (Security-only update)

5002135 SharePoint Server 2019

Released: Feb 8, 2022



February 2022 Security Updates - Release Notes - Security Update Guide - Microsoft

 

March 2022 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET and Visual Studio
• Azure Site Recovery
• Microsoft Defender for Endpoint
• Microsoft Defender for IoT
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Intune
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft Windows ALPC
• Microsoft Windows Codecs Library
• Paint 3D
• Role: Windows Hyper-V
• Skype Extension for Chrome
• Tablet Windows User Interface
• Visual Studio Code
• Windows Ancillary Function Driver for WinSock
• Windows CD-ROM Driver
• Windows Cloud Files Mini Filter Driver
• Windows COM
• Windows Common Log File System Driver
• Windows DWM Core Library
• Windows Event Tracing
• Windows Fastfat Driver
• Windows Fax and Scan Service
• Windows HTML Platform
• Windows Installer
• Windows Kernel
• Windows Media
• Windows PDEV
• Windows Point-to-Point Tunneling Protocol
• Windows Print Spooler Components
• Windows Remote Desktop
• Windows Security Support Provider Interface
• Windows SMB Server
• Windows Update Stack
• XBox

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2020-8927
• CVE-2022-0789
• CVE-2022-0790
• CVE-2022-0791
• CVE-2022-0792
• CVE-2022-0793
• CVE-2022-0794
• CVE-2022-0795
• CVE-2022-0796
• CVE-2022-0797
• CVE-2022-0798
• CVE-2022-0799
• CVE-2022-0800
• CVE-2022-0801
• CVE-2022-0802
• CVE-2022-0803
• CVE-2022-0804
• CVE-2022-0805
• CVE-2022-0806
• CVE-2022-0807
• CVE-2022-0808
• CVE-2022-0809
• CVE-2022-21967
• CVE-2022-21975
• CVE-2022-21977
• CVE-2022-21990
• CVE-2022-22006
• CVE-2022-22007
• CVE-2022-22010
• CVE-2022-23265
• CVE-2022-23266
• CVE-2022-23277
• CVE-2022-23278
• CVE-2022-23281
• CVE-2022-23282
• CVE-2022-23283
• CVE-2022-23285
• CVE-2022-23286
• CVE-2022-23287
• CVE-2022-23288
• CVE-2022-23294
• CVE-2022-23295
• CVE-2022-23297
• CVE-2022-23298
• CVE-2022-23299
• CVE-2022-23300
• CVE-2022-23301
• CVE-2022-24451
• CVE-2022-24452
• CVE-2022-24453
• CVE-2022-24456
• CVE-2022-24457
• CVE-2022-24460
• CVE-2022-24461
• CVE-2022-24462
• CVE-2022-24463
• CVE-2022-24465
• CVE-2022-24467
• CVE-2022-24468
• CVE-2022-24469
• CVE-2022-24470
• CVE-2022-24471
• CVE-2022-24501
• CVE-2022-24502
• CVE-2022-24503
• CVE-2022-24505
• CVE-2022-24506
• CVE-2022-24508
• CVE-2022-24509
• CVE-2022-24510
• CVE-2022-24511
• CVE-2022-24512
• CVE-2022-24515
• CVE-2022-24517
• CVE-2022-24518
• CVE-2022-24519
• CVE-2022-24520
• CVE-2022-24522
• CVE-2022-24525
• CVE-2022-24526

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5010324 Microsoft Exchange Server 2103
5011487 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
5011495 Windows 10, version 1607, Windows Server 2016
5011497 Windows Server 2022
5011503 Windows 10, version 1809, Windows Server 2019
5011525 Windows Server 2008 (Security-only update)
5011527 Windows Server 2012 (Security-only update)
5011529 Windows 7, Windows Server 2008 R2 (Security-only update)
5011534 Windows Server 2008 (Monthly Rollup)
5011535 Windows Server 2012 (Monthly Rollup)
5011552 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5011560 Windows 8.1, Windows Server 2012 R2 (Security-only update)
5011564 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5012698 Microsoft Exchange Server 2016, 2019
Released: Mar 8, 2022
March 2022 Security Updates - Release Notes - Security Update Guide - Microsoft

 

April 2022 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET Framework
• Active Directory Domain Services
• Azure SDK
• Azure Site Recovery
• LDAP - Lightweight Directory Access Protocol
• Microsoft Bluetooth Driver
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Graphics Component
• Microsoft Local Security Authority Server (lsasrv)
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Windows ALPC
• Microsoft Windows Codecs Library
• Microsoft Windows Media Foundation
• Power BI
• Role: DNS Server
• Role: Windows Hyper-V
• Skype for Business
• Visual Studio
• Visual Studio Code
• Windows Ancillary Function Driver for WinSock
• Windows App Store
• Windows AppX Package Manager
• Windows Cluster Client Failover
• Windows Cluster Shared Volume (CSV)
• Windows Common Log File System Driver
• Windows Defender
• Windows DWM Core Library
• Windows Endpoint Configuration Manager
• Windows Fax Compose Form
• Windows Feedback Hub
• Windows File Explorer
• Windows File Server
• Windows Installer
• Windows iSCSI Target Service
• Windows Kerberos
• Windows Kernel
• Windows Local Security Authority Subsystem Service
• Windows Media
• Windows Network File System
• Windows PowerShell
• Windows Print Spooler Components
• Windows RDP
• Windows Remote Procedure Call Runtime
• Windows schannel
• Windows SMB
• Windows Telephony Server
• Windows Upgrade Assistant
• Windows User Profile Service
• Windows Win32K
• Windows Work Folder Service
• YARP reverse proxy

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-1125
• CVE-2022-1127
• CVE-2022-1128
• CVE-2022-1129
• CVE-2022-1130
• CVE-2022-1131
• CVE-2022-1133
• CVE-2022-1134
• CVE-2022-1135
• CVE-2022-1136
• CVE-2022-1137
• CVE-2022-1138
• CVE-2022-1139
• CVE-2022-1143
• CVE-2022-1145
• CVE-2022-1146
• CVE-2022-1232
• CVE-2022-21983
• CVE-2022-22008
• CVE-2022-22009
• CVE-2022-23257
• CVE-2022-23259
• CVE-2022-23268
• CVE-2022-23292
• CVE-2022-24472
• CVE-2022-24473
• CVE-2022-24475
• CVE-2022-24482
• CVE-2022-24483
• CVE-2022-24485
• CVE-2022-24487
• CVE-2022-24490
• CVE-2022-24491
• CVE-2022-24492
• CVE-2022-24493
• CVE-2022-24495
• CVE-2022-24497
• CVE-2022-24498
• CVE-2022-24500
• CVE-2022-24523
• CVE-2022-24527
• CVE-2022-24528
• CVE-2022-24532
• CVE-2022-24533
• CVE-2022-24534
• CVE-2022-24536
• CVE-2022-24537
• CVE-2022-24539
• CVE-2022-24540
• CVE-2022-24541
• CVE-2022-24543
• CVE-2022-24545
• CVE-2022-24765
• CVE-2022-24767
• CVE-2022-26783
• CVE-2022-26785
• CVE-2022-26807
• CVE-2022-26808
• CVE-2022-26809
• CVE-2022-26811
• CVE-2022-26812
• CVE-2022-26813
• CVE-2022-26814
• CVE-2022-26815
• CVE-2022-26816
• CVE-2022-26817
• CVE-2022-26818
• CVE-2022-26819
• CVE-2022-26820
• CVE-2022-26821
• CVE-2022-26822
• CVE-2022-26823
• CVE-2022-26824
• CVE-2022-26825
• CVE-2022-26826
• CVE-2022-26827
• CVE-2022-26828
• CVE-2022-26829
• CVE-2022-26830
• CVE-2022-26891
• CVE-2022-26894
• CVE-2022-26895
• CVE-2022-26896
• CVE-2022-26897
• CVE-2022-26898
• CVE-2022-26900
• CVE-2022-26901
• CVE-2022-26903
• CVE-2022-26904
• CVE-2022-26907
• CVE-2022-26908
• CVE-2022-26909
• CVE-2022-26910
• CVE-2022-26911
• CVE-2022-26912
• CVE-2022-26916
• CVE-2022-26917
• CVE-2022-26918
• CVE-2022-26919
• CVE-2022-26920
• CVE-2022-26924

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5012591 Windows 10, version 1909
5012592 Windows 11
5012596 Windows 10, version 1607, Windows Server 2016
5012599 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
5012604 Windows Server 2022
5012626 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5012632 Windows Server 2008 (Security-only update)
5012639 Windows 8.1, Windows Server 2012 R2 (Security-only update)
5012647 Windows 10, version 1809
5012649 Windows 7, Windows Server 2008 R2 (Security-only update)
5012650 Windows Server 2012 (Monthly Rollup)
5012653 Windows 10
5012658 Windows Server 2008 (Monthly Rollup)
5012666 Windows Server 2012 (Security-only update)
5012670 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5002191 SharePoint Server Subscription Edition

April 2022 Security Updates - Release Notes - Security Update Guide - Microsoft

 

May 2022 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET and Visual Studio
  
  
• Microsoft Exchange Server
  
  
• Microsoft Graphics Component
  
  
• Microsoft Local Security Authority Server (lsasrv)
  
  
• Microsoft Office
  
  
• Microsoft Office Excel
  
  
• Microsoft Office SharePoint
  
  
• Microsoft Windows ALPC
  
  
• Remote Desktop Client
  
  
• Role: Windows Fax Service
  
  
• Role: Windows Hyper-V
  
  
• Self-hosted Integration Runtime
  
  
• Tablet Windows User Interface
  
  
• Visual Studio
  
  
• Visual Studio Code
  
  
• Windows Active Directory
  
  
• Windows Address Book
  
  
• Windows Authentication Methods
  
  
• Windows BitLocker
  
  
• Windows Cluster Shared Volume (CSV)
  
  
• Windows Failover Cluster Automation Server
  
  
• Windows Kerberos
  
  
• Windows Kernel
  
  
• Windows LDAP - Lightweight Directory Access Protocol
  
  
• Windows Media
  
  
• Windows Network File System
  
  
• Windows NTFS
  
  
• Windows Point-to-Point Tunneling Protocol
  
  
• Windows Print Spooler Components
  
  
• Windows Push Notifications
  
  
• Windows Remote Access Connection Manager
  
  
• Windows Remote Desktop
  
  
• Windows Remote Procedure Call Runtime
  
  
• Windows Server Service
  
  
• Windows Storage Spaces Controller
  
  
• Windows WLAN Auto Config Service
  

Please note the following information regarding the security updates:

Security Update Guide Blog Posts

Date

Blog Post

January 11, 2022

Coming Soon: New Security Update Guide Notification System

February 9, 2021

Continuing to Listen: Good News about the Security Update Guide API

January 13, 2021

Security Update Guide Supports CVEs Assigned by Industry Partners

December 8, 2020

Security Update Guide: Let’s keep the conversation going

November 9, 2020

Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
  
  
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
  
  
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
  
  
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
  
  
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
  
  
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
  

FAQs, Mitigations, and Workarounds

The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-21972
  
  
• CVE-2022-21978
  
  
• CVE-2022-22011
  
  
• CVE-2022-22012
  
  
• CVE-2022-22015
  
  
• CVE-2022-22016
  
  
• CVE-2022-22017
  
  
• CVE-2022-22019
  
  
• CVE-2022-22713
  
  
• CVE-2022-23270
  
  
• CVE-2022-23279
  
  
• CVE-2022-24466
  
  
• CVE-2022-26913
  
  
• CVE-2022-26923
  
  
• CVE-2022-26925
  
  
• CVE-2022-26926
  
  
• CVE-2022-26927
  
  
• CVE-2022-26930
  
  
• CVE-2022-26931
  
  
• CVE-2022-26932
  
  
• CVE-2022-26933
  
  
• CVE-2022-26934
  
  
• CVE-2022-26935
  
  
• CVE-2022-26936
  
  
• CVE-2022-26937
  
  
• CVE-2022-26938
  
  
• CVE-2022-26939
  
  
• CVE-2022-26940
  
  
• CVE-2022-29102
  
  
• CVE-2022-29106
  
  
• CVE-2022-29107
  
  
• CVE-2022-29108
  
  
• CVE-2022-29109
  
  
• CVE-2022-29110
  
  
• CVE-2022-29112
  
  
• CVE-2022-29113
  
  
• CVE-2022-29114
  
  
• CVE-2022-29115
  
  
• CVE-2022-29116
  
  
• CVE-2022-29120
  
  
• CVE-2022-29121
  
  
• CVE-2022-29122
  
  
• CVE-2022-29123
  
  
• CVE-2022-29125
  
  
• CVE-2022-29126
  
  
• CVE-2022-29127
  
  
• CVE-2022-29128
  
  
• CVE-2022-29129
  
  
• CVE-2022-29130
  
  
• CVE-2022-29131
  
  
• CVE-2022-29133
  
  
• CVE-2022-29134
  
  
• CVE-2022-29135
  
  
• CVE-2022-29138
  
  
• CVE-2022-29139
  
  
• CVE-2022-29140
  
  
• CVE-2022-29142
  
  
• CVE-2022-29148
  
  
• CVE-2022-29150
  
  
• CVE-2022-29151
  
  
• CVE-2022-29972
  
  
• CVE-2022-30129
  

Known Issues

You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article

Applies To

5011363

New Exchange Server Security Update and Hotfix Packaging

5013941

Windows 10, version 1809, Windows Server 2019

5013942

Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2

5013943

Windows 11

5013944

Windows Server 2022

5013952

Windows 10, version 1607, Windows Server 2016

5013999

Windows 7, Windows Server 2008 R2 (Security-only update)

5014001

Windows 8.1, Windows Server 2012 R2 (Security-only update)

5014006

Windows Server 2008 (Security-only update)

5014010

Windows Server 2008 (Monthly Rollup)

5014011

Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

5014012

Windows 7, Windows Server 2008 R2 (Monthly Rollup)

5014017

Windows Server 2012 (Monthly Rollup)

5014018

Windows Server 2012 (Security-only update)

Released: 10 May 2022

https://msrc.microsoft.com/update-guide/releaseNote/2022-May

 

June 2022 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET and Visual Studio
• Azure OMI
• Azure Real Time Operating System
• Azure Service Fabric Container
• Intel
• Microsoft Edge (Chromium-based)
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Windows ALPC
• Microsoft Windows Codecs Library
• Remote Volume Shadow Copy Service (RVSS)
• Role: Windows Hyper-V
• SQL Server
• Windows Ancillary Function Driver for WinSock
• Windows App Store
• Windows Autopilot
• Windows Container Isolation FS Filter Driver
• Windows Container Manager Service
• Windows Defender
• Windows Encrypting File System (EFS)
• Windows File History Service
• Windows Installer
• Windows iSCSI
• Windows Kerberos
• Windows Kernel
• Windows LDAP - Lightweight Directory Access Protocol
• Windows Local Security Authority Subsystem Service
• Windows Media
• Windows Network Address Translation (NAT)
• Windows Network File System
• Windows PowerShell
• Windows SMB

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-2007
• CVE-2022-2008
• CVE-2022-2010
• CVE-2022-2011
• CVE-2022-21123
• CVE-2022-21125
• CVE-2022-21127
• CVE-2022-21166
• CVE-2022-22018
• CVE-2022-22021
• CVE-2022-29111
• CVE-2022-29119
• CVE-2022-29143
• CVE-2022-29149
• CVE-2022-30136
• CVE-2022-30137
• CVE-2022-30139
• CVE-2022-30140
• CVE-2022-30141
• CVE-2022-30142
• CVE-2022-30143
• CVE-2022-30145
• CVE-2022-30146
• CVE-2022-30148
• CVE-2022-30149
• CVE-2022-30150
• CVE-2022-30151
• CVE-2022-30153
• CVE-2022-30154
• CVE-2022-30155
• CVE-2022-30157
• CVE-2022-30158
• CVE-2022-30159
• CVE-2022-30161
• CVE-2022-30162
• CVE-2022-30163
• CVE-2022-30164
• CVE-2022-30165
• CVE-2022-30167
• CVE-2022-30168
• CVE-2022-30171
• CVE-2022-30172
• CVE-2022-30173
• CVE-2022-30174
• CVE-2022-30177
• CVE-2022-30178
• CVE-2022-30179
• CVE-2022-30180
• CVE-2022-30184
• CVE-2022-30188
• CVE-2022-30189
• CVE-2022-30193
• CVE-2022-32230

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5002219 SharePoint Foundation 2013
5014692 Windows Server 2019
5014697 Windows 11
5014699 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
5014738 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5014741 Windows Server 2012 (Security-only update)
5014742 Windows 7, Windows Server 2008 R2 (Security-only update)
5014743 Windows Server 2008 (Security-only update)
5014746 Windows 8.1, Windows Server 2012 R2 (Security-only update)
5014747 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5014748 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5014752 Windows Server 2008 (Monthly Rollup)
Released: Jun 14, 2022
June 2022 Security Updates - Release Notes - Security Update Guide - Microsoft

 

July 2022 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• AMD CPU Branch
• Azure Site Recovery
• Azure Storage Library
• Microsoft Defender for Endpoint
• Microsoft Edge (Chromium-based)
• Microsoft Graphics Component
• Microsoft Office
• Open Source Software
• Role: DNS Server
• Role: Windows Fax Service
• Role: Windows Hyper-V
• Skype for Business and Microsoft Lync
• Windows Active Directory
• Windows Advanced Local Procedure Call
• Windows BitLocker
• Windows Boot Manager
• Windows Client/Server Runtime Subsystem
• Windows Connected Devices Platform Service
• Windows Credential Guard
• Windows Fast FAT Driver
• Windows Fax and Scan Service
• Windows Group Policy
• Windows IIS
• Windows Kernel
• Windows Media
• Windows Network File System
• Windows Performance Counters
• Windows Point-to-Point Tunneling Protocol
• Windows Portable Device Enumerator Service
• Windows Print Spooler Components
• Windows Remote Procedure Call Runtime
• Windows Security Account Manager
• Windows Server Service
• Windows Shell
• Windows Storage
• XBox

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-21845
• CVE-2022-22022
• CVE-2022-22023
• CVE-2022-22024
• CVE-2022-22026
• CVE-2022-22027
• CVE-2022-22028
• CVE-2022-22029
• CVE-2022-22031
• CVE-2022-22034
• CVE-2022-22036
• CVE-2022-22037
• CVE-2022-22038
• CVE-2022-22039
• CVE-2022-22040
• CVE-2022-22041
• CVE-2022-22042
• CVE-2022-22043
• CVE-2022-22045
• CVE-2022-22047
• CVE-2022-22048
• CVE-2022-22049
• CVE-2022-22050
• CVE-2022-22711
• CVE-2022-2294
• CVE-2022-2295
• CVE-2022-23816
• CVE-2022-23825
• CVE-2022-27776
• CVE-2022-30181
• CVE-2022-30187
• CVE-2022-30202
• CVE-2022-30203
• CVE-2022-30205
• CVE-2022-30206
• CVE-2022-30209
• CVE-2022-30211
• CVE-2022-30212
• CVE-2022-30213
• CVE-2022-30214
• CVE-2022-30215
• CVE-2022-30216
• CVE-2022-30220
• CVE-2022-30221
• CVE-2022-30222
• CVE-2022-30223
• CVE-2022-30224
• CVE-2022-30225
• CVE-2022-30226
• CVE-2022-33632
• CVE-2022-33633
• CVE-2022-33637
• CVE-2022-33641
• CVE-2022-33642
• CVE-2022-33643
• CVE-2022-33644
• CVE-2022-33650
• CVE-2022-33651
• CVE-2022-33652
• CVE-2022-33653
• CVE-2022-33654
• CVE-2022-33655
• CVE-2022-33656
• CVE-2022-33657
• CVE-2022-33658
• CVE-2022-33659
• CVE-2022-33660
• CVE-2022-33661
• CVE-2022-33662
• CVE-2022-33663
• CVE-2022-33664
• CVE-2022-33665
• CVE-2022-33666
• CVE-2022-33667
• CVE-2022-33668
• CVE-2022-33669
• CVE-2022-33671
• CVE-2022-33672
• CVE-2022-33673
• CVE-2022-33674
• CVE-2022-33675
• CVE-2022-33676
• CVE-2022-33677
• CVE-2022-33678

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5015807 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
5015811 Windows 10, version 1809, Windows Server 2019
5015814 Windows 11
5015827 Windows Server 2022
5015861 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5015862 Windows 7, Windows Server 2008 R2 (Security-only update)
5015863 Windows Server 2012 (Monthly Rollup)
5015866 Windows Server 2008 (Monthly Rollup)
5015870 Windows Server 2008 (Security-only update)
5015874 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5015875 Windows Server 2012 (Security-only update)
5015877 Windows 8.1, Windows Server 2012 R2 (Security-only update)
Released: 12 Jul 2022
July 2022 Security Updates - Release Notes - Security Update Guide - Microsoft

 

August 2022 Security Updates

Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET Core
• Active Directory Domain Services
• Azure Batch Node Agent
• Azure Real Time Operating System
• Azure Site Recovery
• Azure Sphere
• Microsoft ATA Port Driver
• Microsoft Bluetooth Driver
• Microsoft Edge (Chromium-based)
• Microsoft Exchange Server
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office Outlook
• Microsoft Windows Support Diagnostic Tool (MSDT)
• Remote Access Service Point-to-Point Tunneling Protocol
• Role: Windows Fax Service
• Role: Windows Hyper-V
• System Center Operations Manager
• Visual Studio
• Windows Bluetooth Service
• Windows Canonical Display Driver
• Windows Cloud Files Mini Filter Driver
• Windows Defender Credential Guard
• Windows Digital Media
• Windows Error Reporting
• Windows Hello
• Windows Internet Information Services
• Windows Kerberos
• Windows Kernel
• Windows Local Security Authority (LSA)
• Windows Network File System
• Windows Partition Management Driver
• Windows Point-to-Point Tunneling Protocol
• Windows Print Spooler Components
• Windows Secure Boot
• Windows Secure Socket Tunneling Protocol (SSTP)
• Windows Storage Spaces Direct
• Windows Unified Write Filter
• Windows WebBrowser Control
• Windows Win32K

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
August 9, 2022 Security Update Guide Notification System News: Create your profile now
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-21979
• CVE-2022-21980
• CVE-2022-24477
• CVE-2022-24516
• CVE-2022-2603
• CVE-2022-2604
• CVE-2022-2605
• CVE-2022-2606
• CVE-2022-2610
• CVE-2022-2611
• CVE-2022-2612
• CVE-2022-2614
• CVE-2022-2615
• CVE-2022-2616
• CVE-2022-2617
• CVE-2022-2618
• CVE-2022-2619
• CVE-2022-2621
• CVE-2022-2622
• CVE-2022-2623
• CVE-2022-2624
• CVE-2022-30133
• CVE-2022-30134
• CVE-2022-30144
• CVE-2022-30175
• CVE-2022-30176
• CVE-2022-30194
• CVE-2022-30197
• CVE-2022-33631
• CVE-2022-33636
• CVE-2022-33640
• CVE-2022-33646
• CVE-2022-33648
• CVE-2022-33649
• CVE-2022-33670
• CVE-2022-34301
• CVE-2022-34302
• CVE-2022-34303
• CVE-2022-34685
• CVE-2022-34686
• CVE-2022-34687
• CVE-2022-34690
• CVE-2022-34691
• CVE-2022-34692
• CVE-2022-34696
• CVE-2022-34699
• CVE-2022-34702
• CVE-2022-34703
• CVE-2022-34704
• CVE-2022-34705
• CVE-2022-34706
• CVE-2022-34707
• CVE-2022-34708
• CVE-2022-34709
• CVE-2022-34710
• CVE-2022-34712
• CVE-2022-34713
• CVE-2022-34714
• CVE-2022-34715
• CVE-2022-34716
• CVE-2022-34717
• CVE-2022-35742
• CVE-2022-35743
• CVE-2022-35744
• CVE-2022-35745
• CVE-2022-35746
• CVE-2022-35747
• CVE-2022-35748
• CVE-2022-35749
• CVE-2022-35750
• CVE-2022-35751
• CVE-2022-35752
• CVE-2022-35753
• CVE-2022-35754
• CVE-2022-35755
• CVE-2022-35756
• CVE-2022-35757
• CVE-2022-35758
• CVE-2022-35760
• CVE-2022-35761
• CVE-2022-35762
• CVE-2022-35763
• CVE-2022-35764
• CVE-2022-35765
• CVE-2022-35766
• CVE-2022-35767
• CVE-2022-35768
• CVE-2022-35771
• CVE-2022-35772
• CVE-2022-35773
• CVE-2022-35774
• CVE-2022-35775
• CVE-2022-35776
• CVE-2022-35777
• CVE-2022-35779
• CVE-2022-35780
• CVE-2022-35781
• CVE-2022-35782
• CVE-2022-35783
• CVE-2022-35784
• CVE-2022-35785
• CVE-2022-35786
• CVE-2022-35787
• CVE-2022-35788
• CVE-2022-35789
• CVE-2022-35790
• CVE-2022-35791
• CVE-2022-35792
• CVE-2022-35793
• CVE-2022-35794
• CVE-2022-35795
• CVE-2022-35796
• CVE-2022-35797
• CVE-2022-35799
• CVE-2022-35800
• CVE-2022-35801
• CVE-2022-35802
• CVE-2022-35804
• CVE-2022-35806
• CVE-2022-35807
• CVE-2022-35808
• CVE-2022-35809
• CVE-2022-35810
• CVE-2022-35811
• CVE-2022-35812
• CVE-2022-35813
• CVE-2022-35814
• CVE-2022-35815
• CVE-2022-35816
• CVE-2022-35817
• CVE-2022-35818
• CVE-2022-35819
• CVE-2022-35820
• CVE-2022-35821
• CVE-2022-35824
• CVE-2022-35825
• CVE-2022-35826
• CVE-2022-35827

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5012170 Windows 11, Secure Boot Standalone
5016616 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
5016623 Windows 10, version 1809, Windows Server 2019
5016627 Windows Server 2022
5016629 Windows 11
5016669 Windows Server 2008 (Monthly Rollup)
5016676 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5016679 Windows 7, Windows Server 2008 R2 (Security-only update)
5016686 Windows Server 2008 (Security-only update)

Released: Aug 9, 2022
August 2022 Security Updates - Release Notes - Security Update Guide - Microsoft

 

Updates this Month
This release consists of security updates for the following products, features and roles.

• .NET and Visual Studio
• .NET Framework
• Azure Arc
• Cache Speculation
• HTTP.sys
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Windows ALPC
• Microsoft Windows Codecs Library
• Network Device Enrollment Service (NDES)
• Role: DNS Server
• Role: Windows Fax Service
• SPNEGO Extended Negotiation
• Visual Studio Code
• Windows Common Log File System Driver
• Windows Credential Roaming Service
• Windows Defender
• Windows Distributed File System (DFS)
• Windows DPAPI (Data Protection Application Programming Interface)
• Windows Enterprise App Management
• Windows Event Tracing
• Windows Group Policy
• Windows IKE Extension
• Windows Kerberos
• Windows Kernel
• Windows LDAP - Lightweight Directory Access Protocol
• Windows ODBC Driver
• Windows OLE
• Windows Photo Import API
• Windows Print Spooler Components
• Windows Remote Access Connection Manager
• Windows Remote Procedure Call
• Windows TCP/IP
• Windows Transport Security Layer (TLS)

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
August 9, 2022 Security Update Guide Notification System News: Create your profile now
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-23960
• CVE-2022-26928
• CVE-2022-26929
• CVE-2022-30170
• CVE-2022-30196
• CVE-2022-30200
• CVE-2022-3038
• CVE-2022-3039
• CVE-2022-3040
• CVE-2022-3041
• CVE-2022-3044
• CVE-2022-3045
• CVE-2022-3046
• CVE-2022-3047
• CVE-2022-3053
• CVE-2022-3054
• CVE-2022-3055
• CVE-2022-3056
• CVE-2022-3057
• CVE-2022-3058
• CVE-2022-3075
• CVE-2022-33647
• CVE-2022-33679
• CVE-2022-34700
• CVE-2022-34718
• CVE-2022-34719
• CVE-2022-34721
• CVE-2022-34722
• CVE-2022-34723
• CVE-2022-34725
• CVE-2022-34726
• CVE-2022-34727
• CVE-2022-34728
• CVE-2022-34729
• CVE-2022-34730
• CVE-2022-34731
• CVE-2022-34732
• CVE-2022-34733
• CVE-2022-34734
• CVE-2022-35803
• CVE-2022-35805
• CVE-2022-35823
• CVE-2022-35828
• CVE-2022-35830
• CVE-2022-35831
• CVE-2022-35834
• CVE-2022-35835
• CVE-2022-35836
• CVE-2022-35837
• CVE-2022-35840
• CVE-2022-35841
• CVE-2022-37954
• CVE-2022-37955
• CVE-2022-37956
• CVE-2022-37957
• CVE-2022-37958
• CVE-2022-37959
• CVE-2022-37961
• CVE-2022-37962
• CVE-2022-37963
• CVE-2022-37969
• CVE-2022-38004
• CVE-2022-38005
• CVE-2022-38006
• CVE-2022-38007
• CVE-2022-38008
• CVE-2022-38009
• CVE-2022-38010
• CVE-2022-38011
• CVE-2022-38012
• CVE-2022-38019
• CVE-2022-38020

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5002142 SharePoint Enterprise Server 2016
5002159 SharePoint Foundation 2013
5002257 SharePoint Server 2019
5002258 SharePoint Server 2019
5002267 SharePoint Foundation 2013
5002269 SharePoint Enterprise Server 2016
5002270 SharePoint Server Subscription Edition Language Pack
5002271 SharePoint Server Subscription Edition Core
5017305 Windows 10, version 1607, Windows Server 2016
5017308 Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
5017315 Windows Server 2019
5017316 Windows Server 2022
5017327 Windows 10
5017328 Windows 11
5017358 Windows Server 2008 (Monthly Rollup)
5017361 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5017365 Windows 8.1, Windows Server 2012 R2 (Security-only update)
5017367 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5017370 Windows Server 2012 (Monthly Rollup)
5017371 Windows Server 2008 (Security-only update)
5017373 Windows 7, Windows Server 2008 R2 (Security-only update)
5017377 Windows Server 2012 (Security-only update)
Released: Sep 13, 2022

September 2022 Security Updates - Release Notes - Security Update Guide - Microsoft

 

October 2022 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• Active Directory Domain Services
• Azure
• Azure Arc
• Client Server Run-time Subsystem (CSRSS)
• Microsoft Edge (Chromium-based)
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office SharePoint
• Microsoft Office Word
• Microsoft WDAC OLE DB provider for SQL
• NuGet Client
• Remote Access Service Point-to-Point Tunneling Protocol
• Role: Windows Hyper-V
• Service Fabric
• Visual Studio Code
• Windows Active Directory Certificate Services
• Windows ALPC
• Windows CD-ROM Driver
• Windows COM+ Event System Service
• Windows Connected User Experiences and Telemetry
• Windows CryptoAPI
• Windows Defender
• Windows DHCP Client
• Windows Distributed File System (DFS)
• Windows DWM Core Library
• Windows Event Logging Service
• Windows Group Policy
• Windows Group Policy Preference Client
• Windows Internet Key Exchange (IKE) Protocol
• Windows Kernel
• Windows Local Security Authority (LSA)
• Windows Local Security Authority Subsystem Service (LSASS)
• Windows Local Session Manager (LSM)
• Windows NTFS
• Windows NTLM
• Windows ODBC Driver
• Windows Perception Simulation Service
• Windows Point-to-Point Tunneling Protocol
• Windows Portable Device Enumerator Service
• Windows Print Spooler Components
• Windows Resilient File System (ReFS)
• Windows Secure Channel
• Windows Security Support Provider Interface
• Windows Server Remotely Accessible Registry Keys
• Windows Server Service
• Windows Storage
• Windows TCP/IP
• Windows USB Serial Driver
• Windows Web Account Manager
• Windows Win32K
• Windows WLAN Service
• Windows Workstation Service

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
August 9, 2022 Security Update Guide Notification System News: Create your profile now
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-22035
• CVE-2022-24504
• CVE-2022-30198
• CVE-2022-3304
• CVE-2022-3307
• CVE-2022-3308
• CVE-2022-3310
• CVE-2022-3311
• CVE-2022-3313
• CVE-2022-3315
• CVE-2022-3316
• CVE-2022-3317
• CVE-2022-33634
• CVE-2022-33635
• CVE-2022-3370
• CVE-2022-3373
• CVE-2022-34689
• CVE-2022-35770
• CVE-2022-35829
• CVE-2022-37965
• CVE-2022-37968
• CVE-2022-37970
• CVE-2022-37971
• CVE-2022-37973
• CVE-2022-37974
• CVE-2022-37975
• CVE-2022-37976
• CVE-2022-37978
• CVE-2022-37979
• CVE-2022-37980
• CVE-2022-37981
• CVE-2022-37982
• CVE-2022-37983
• CVE-2022-37984
• CVE-2022-37985
• CVE-2022-37986
• CVE-2022-37987
• CVE-2022-37988
• CVE-2022-37989
• CVE-2022-37990
• CVE-2022-37991
• CVE-2022-37993
• CVE-2022-37994
• CVE-2022-37995
• CVE-2022-37996
• CVE-2022-37997
• CVE-2022-37999
• CVE-2022-38000
• CVE-2022-38001
• CVE-2022-38016
• CVE-2022-38017
• CVE-2022-38021
• CVE-2022-38022
• CVE-2022-38025
• CVE-2022-38026
• CVE-2022-38027
• CVE-2022-38028
• CVE-2022-38029
• CVE-2022-38030
• CVE-2022-38031
• CVE-2022-38032
• CVE-2022-38033
• CVE-2022-38034
• CVE-2022-38037
• CVE-2022-38038
• CVE-2022-38039
• CVE-2022-38040
• CVE-2022-38042
• CVE-2022-38043
• CVE-2022-38044
• CVE-2022-38045
• CVE-2022-38046
• CVE-2022-38047
• CVE-2022-38048
• CVE-2022-38049
• CVE-2022-38050
• CVE-2022-38051
• CVE-2022-38053
• CVE-2022-41031
• CVE-2022-41032
• CVE-2022-41033
• CVE-2022-41034
• CVE-2022-41035
• CVE-2022-41036
• CVE-2022-41037
• CVE-2022-41038
• CVE-2022-41042
• CVE-2022-41043
• CVE-2022-41081
• CVE-2022-41083

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5018410 Windows 10, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
5018418 Windows 11 version 21H2
5018419 Windows 10, version 1809, Windows Server 2019
5018421 Windows Server 2022
5018427 Windows 11 version 22H2
5018446 Windows Server 2008 (Security-only update)
5018450 Windows Server 2008 (Monthly Rollup)
5018454 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5018457 Windows Server 2012 (Monthly Rollup)
5018474 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
5018476 Windows 8.1, Windows Server 2012 R2 (Security-only update)
5018478 Windows Server 2012 (Security-only update)
5018479 Windows 7, Windows Server 2008 R2 (Security-only update)
5002278 SharePoint Server 2019
5002284 SharePoint Foundation 2013
5002287 SharePoint Enterprise Server 2016
5002290 SharePoint Server Subscription Edition
Released: Oct 11, 2022

 

November 2022 Security Updates
Updates this Month

This release consists of security updates for the following products, features and roles.

• .NET Framework
• AMD CPU Branch
• Azure
• Azure Real Time Operating System
• Linux Kernel
• Microsoft Dynamics
• Microsoft Exchange Server
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office SharePoint
• Microsoft Office Word
• Network Policy Server (NPS)
• Open Source Software
• Role: Windows Hyper-V
• SysInternals
• Visual Studio
• Windows Advanced Local Procedure Call
• Windows ALPC
• Windows Bind Filter Driver
• Windows BitLocker
• Windows CNG Key Isolation Service
• Windows Devices Human Interface
• Windows Digital Media
• Windows DWM Core Library
• Windows Extensible File Allocation
• Windows Group Policy Preference Client
• Windows HTTP.sys
• Windows Kerberos
• Windows Mark of the Web (MOTW)
• Windows Netlogon
• Windows Network Address Translation (NAT)
• Windows ODBC Driver
• Windows Overlay Filter
• Windows Point-to-Point Tunneling Protocol
• Windows Print Spooler Components
• Windows Resilient File System (ReFS)
• Windows Scripting
• Windows Win32K

Please note the following information regarding the security updates:

Security Update Guide Blog Posts
Date Blog Post
August 9, 2022 Security Update Guide Notification System News: Create your profile now
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide
Relevant Information

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

FAQs, Mitigations, and Workarounds
The following CVEs have FAQs, Mitigations, or Workarounds. You can see these in more detail from the Vulnerabilities tab by selecting FAQs, Mitigations and Workarounds columns in the Edit Columns panel.

• CVE-2022-23824
• CVE-2022-3602
• CVE-2022-3786
• CVE-2022-37966
• CVE-2022-37967
• CVE-2022-37992
• CVE-2022-38014
• CVE-2022-38015
• CVE-2022-38023
• CVE-2022-39253
• CVE-2022-39327
• CVE-2022-41039
• CVE-2022-41044
• CVE-2022-41045
• CVE-2022-41047
• CVE-2022-41048
• CVE-2022-41049
• CVE-2022-41050
• CVE-2022-41051
• CVE-2022-41052
• CVE-2022-41054
• CVE-2022-41055
• CVE-2022-41057
• CVE-2022-41060
• CVE-2022-41061
• CVE-2022-41062
• CVE-2022-41063
• CVE-2022-41064
• CVE-2022-41066
• CVE-2022-41073
• CVE-2022-41085
• CVE-2022-41086
• CVE-2022-41088
• CVE-2022-41090
• CVE-2022-41091
• CVE-2022-41092
• CVE-2022-41093
• CVE-2022-41095
• CVE-2022-41096
• CVE-2022-41097
• CVE-2022-41098
• CVE-2022-41099
• CVE-2022-41100
• CVE-2022-41101
• CVE-2022-41102
• CVE-2022-41103
• CVE-2022-41104
• CVE-2022-41105
• CVE-2022-41106
• CVE-2022-41107
• CVE-2022-41109
• CVE-2022-41113
• CVE-2022-41114
• CVE-2022-41116
• CVE-2022-41118
• CVE-2022-41119
• CVE-2022-41120
• CVE-2022-41122
• CVE-2022-41125
• CVE-2022-41128

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5002258 Microsoft SharePoint Server 2019
5002267 Microsoft SharePoint Server 2013
5002269 Microsoft SharePoint Server 2016
5002271 Microsoft SharePoint Server Subscription Edition
5019959 Windows 10 Version 21H1
5019966 Windows 10 Version 1809, Windows Server 2019
5019980 Windows 11 version 22H2
5020000 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
5020003 Windows Server 2012 (Security Only)
5020005 Windows Server 2008 (Security Only)
5020009 Windows Server 2012 (Monthly Rollup)
5020010 Windows 8.1, Windows Server 2012 R2 (Security Only)
5020013 Windows 7, Windows Server 2008 R2 (Security Only)
5020019 Windows Server 2008 (Monthly Rollup)
5020023 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
Released: Nov 8, 2022
November 2022 Security Updates - Release Notes - Security Update Guide - Microsoft