WordPress 4.2.2 security update is release to fix cross-site scripting security vulnerabilities, which affects Genericons icon font package. WordPress versions 4.2 and earlier are affected by XSS vulnerability, which could enable anonymous users to compromise a site.
If your site supports automatic background updates you will be updated to WordPress 4.2.2 automatically. Ever since the WordPress 3.7 release in October 2013, WordPress has provided its self-hosted users with an automated security update mechanism.
Twenty Fifteen default theme is also affected and has WordPress Twenty Fifteen updated by WordPress.org.