Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE

Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE-2022-41033)

Microsoft has released patches for 84 CVEs in the October 2022 Patch Tuesday update. Included this month are patches for 13 CVEs rated as critical and 71 rated as important. While there was much anticipation for Microsoft to patch the two newly disclosed zero-day vulnerabilities in Microsoft Exchange Server (CVE-2022-41040 and CVE-2022-41082), this month's updates did not include fixes for these CVEs. Microsoft confirmed that this month's Exchange Server updates do not include the fixes, but they will be released as soon as they are ready.

Some highlights this month include, one zero-day vulnerability and one publicly disclosed vulnerability receiving patches. CVE-2022-41033 is an Elevation of Privilege (EoP) vulnerability in the Windows COM+ Event System Service and was the only zero-day vulnerability this month. The only publicly disclosed vulnerability was CVE-2022-37976, an EoP vulnerability affecting Active Directory Certificate Services.

For more information about this month's Patch Tuesday release, including Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

Microsoft’s October 2022 Patch Tuesday Addresses 84 CVEs (CVE

Recent Discussions

Oracle E-Business Suite Zero-Day Exploited by Cl0p Ransomware Group (CVE-2025-61882)

Investigating: Cl0p Reportedly Breached Oracle E-Business Suite (EBS) Systems

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

Americas

Europe

Asia / Australia