KB5018425 is the latest cumulative update for Windows 10 32-bit and x64 versions. The update was released on 11th October 2022. We look at the key aspects of KB5018425 for Windows 10 below.
Salient points about KB5018425 for Windows 10
- KB5018425 has been replaced by KB5019970 cumulative update in November 2022. You can read more about KB5019970 on this page.
- KB5018425 is a cumulative update that supersedes KB5017327. KB5017327 was released in September 2022.
- We are moving to Windows 10 build 10240.19507 as part of KB5018425 deployment.
- Servicing Stack Update KB5014024 needs to be deployed before installing KB5018425. For automated deployments, SSU is patched automatically.
- Windows 10 32-bit and x64 systems are affected by 49 vulnerabilities. Of particular interest is the zero-day threat CVE-2022-41033. We discuss these vulnerabilities below.
Prerequisites for installing KB5018425 on Windows 10
There is a single dependency for installing KB5018425 on Windows 10 systems. You need to deploy the latest Servicing Stack Update KB5014024 for Windows 10 prior to deploying KB5018425.
For automated update installations, Servicing Stack Update is offered for automated installation as part of the update process. No separate action is needed.
However, for offline installers or for manual deployments you will need to download the SSU from the Microsoft website as per the details below:
- KB5014024 can be downloaded from the Microsoft Update Catalog page for KB5014024.
- The update file is available for x86 systems and x64 systems.
- x86 file for KB5014024 has a size of 5.3 MB.
- x64 file for KB5014024 has a size of 11.7 MB.
SSU installation is a quick process and does not cause any system reboot.
How to deploy KB5018425 on Windows 10?
KB5018410 can be deployed automatically through one of the following recommended processes:
- Windows Update program
- Windows Update for Business
- WSUS or Windows Server Update Service
KB5018425 can also be deployed manually through an offline installer available on the Microsoft Update Catalog website.
- KB5018425 can be downloaded from the Microsoft Update Catalog page for KB5018425.
- You will need to download the specific version corresponding to the x86 or x64 platform.
Security vulnerabilities on Windows 10 under KB5018425
There are 49 vulnerabilities that have been shared for Windows 10 32-bit and x64 systems. We focus our attention on the zero-day threat and the eight CRITICAL vulnerabilities that affect Windows 10 systems.
CVE-2022-41033 – Windows COM+ Event System Service Elevation of Privilege Vulnerability
This is a CVSS 7.8 vulnerability with an ‘IMPORTANT’ severity rating that affects Windows 10 computers.
This is an ‘Elevation of Privileges’ vulnerability and an attacker could assume system privileges upon a successful attack. CVE-2022-41033 is already being exploited and is considered a zero-day threat.
Aside from the zero-day threat shared above, there are 8 ‘CRITICAL’ vulnerabilities on Windows 10 computers. Out of these 8 vulnerabilities:
- 7 Remote Code Execution threats
- 1 Spoofing threat
The details of 8 vulnerabilities with a ‘CRITICAL’ impact on Windows 10 are shared in the quick reference summary table.
| Vulnerability | CVSS Rating | Comments |
|---|---|---|
| CVE-2022-22035 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-30198 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-34689 | 7.5 | Windows CryptoAPI Spoofing Vulnerability |
| CVE-2022-33634 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-24504 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-41081 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-38000 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| CVE-2022-38047 | 8.1 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.