diff --git a/hack/dockerfile/install/golangci_lint.installer b/hack/dockerfile/install/golangci_lint.installer
index bcce308e157c7..0043c079b9584 100755
--- a/hack/dockerfile/install/golangci_lint.installer
+++ b/hack/dockerfile/install/golangci_lint.installer
@@ -1,6 +1,6 @@
 #!/bin/sh
-: "${GOLANGCI_LINT_VERSION=v1.23.8}"
+: "${GOLANGCI_LINT_VERSION=v1.44.0}"
 install_golangci_lint() {
 set -e
diff --git a/hack/validate/golangci-lint.yml b/hack/validate/golangci-lint.yml
index 4994fc98a076d..649081139a265 100644
--- a/hack/validate/golangci-lint.yml
+++ b/hack/validate/golangci-lint.yml
@@ -35,28 +35,54 @@ issues:
 exclude-use-default: false
 exclude-rules:
- # These are copied from the default exclude rules, except for "ineffective break statement"
- # and GoDoc checks.
- # https://github.com/golangci/golangci-lint/blob/0cc87df732aaf1d5ad9ce9ca538d38d916918b36/pkg/config/config.go#L36
- - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked"
+ # We prefer to use an "exclude-list" so that new "default" exclusions are not
+ # automatically inherited. We can decide whether or not to follow upstream
+ # defaults when updating golang-ci-lint versions.
+ # Unfortunately, this means we have to copy the whole exclusion pattern, as
+ # (unlike the "include" option), the "exclude" option does not take exclusion
+ # ID's.
+ #
+ # These exclusion patterns are copied from the default excluses at:
+ # https://github.com/golangci/golangci-lint/blob/v1.44.0/pkg/config/issues.go#L10-L104
+
+ # EXC0001
+ - text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked"
 linters:
 - errcheck
+ # EXC0003
 - text: "func name will be used as test\\.Test.* by other packages, and that stutters; consider calling this"
 linters:
 - golint
- - text: "G103: Use of unsafe calls should be audited"
+ # EXC0006
+ - text: "Use of unsafe calls should be audited"
+ linters:
+ - gosec
+ # EXC0007
+ - text: "Subprocess launch(ed with variable|ing should be audited)"
 linters:
 - gosec
- - text: "G104: Errors unhandled"
+ # EXC0008
+ # TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
+ - text: "(G104|G307)"
 linters:
 - gosec
- - text: "G204: Subprocess launch(ed with (variable|function call)|ing should be audited)"
+ # EXC0009
+ - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
 linters:
 - gosec
- - text: "(G301|G302): (Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
+ # EXC0010
+ - text: "Potential file inclusion via variable"
+ linters:
+ - gosec
+
+ # Looks like the match in "EXC0007" above doesn't catch this one
+ # TODO: consider upstreaming this to golangci-lint's default exclusion rules
+ - text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
 linters:
 - gosec
- - text: "G304: Potential file inclusion via variable"
+ # Looks like the match in "EXC0009" above doesn't catch this one
+ # TODO: consider upstreaming this to golangci-lint's default exclusion rules
+ - text: "G306: Expect WriteFile permissions to be 0600 or less"
 linters:
 - gosec
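Review bot: The new `(G104|G307)` rule and the two hand-written rules for `G204: Subprocess launched with a potential tainted input or cmd arguments` and `G306: Expect WriteFile permissions to be 0600 or less` suppress those gosec findings in every file, so code added later inherits the exception without review. The `TODO: evaluate these and fix where needed` on EXC0008 carries no tracking reference; a comment such as `# TODO(<issue-ref>): drop G307 from this pattern once existing findings are triaged` would keep the follow-up visible. Because `text` is matched as an unanchored pattern, the rules that dropped their `G1xx:`/`G3xx:` prefix now match on message wording alone, which is presumably intended to follow upstream but is worth stating in the comment block. Where the accepted findings are confined to known packages, adding a `path:` key to the G204 and G306 rules, or using `//nolint:gosec` at the reviewed call sites, would keep the linter active for the rest of the tree. The enclosing `issues:` mapping starts above this hunk, so any rules outside it are not covered here.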