Windows 10 News and info | Forum
October 16, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Windows out-of-band update: Microsoft's mandatory security patch for all version  (Read 32 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 30589


I Do Windows


WWW Email
« on: October 04, 2019, 06:43:57 PM »
ReplyReply

Microsoft has issued an out-of-band required update for all versions of Windows, rounding out the patch it released on September 23 to address an already-exploited flaw in Internet Explorer.

Initially, Microsoft only released the out-of-band patch for CVE-2019-1367 on the Microsoft Update Catalog, which users needed to manually download.

But Microsoft has now released it through Windows Update and Windows Server Update Services (WSUS) to distribute it more widely to end-users.

"This is a required security update that expands the out-of-band update dated September 23, 2019," Microsoft warns users.

The decision not to release the patch through Windows Update and WSUS caused some confusion. Why create a patch and then not distribute automatically to all Windows users until now?

The IE scripting engine flaw was found by Clement Lecigne of Google's Threat Analysis Group, and Microsoft raced out the patch within days.

It's likely that the vulnerability was being used to target a narrow section of Windows users. It's also not clear how much time Microsoft was able to spend regression testing its patch before releasing it.    

Lecigne also discovered a publicly-unknown bug in Chrome and one affecting Windows 7 in February. The flaws were being used in tandem to attack targeted users.

Google released a patch for Chrome and disclosed the existence of the Windows 7 flaw before Microsoft was able to release its patch.

At this stage, Lecigne has not published any details about the IE flaw.

The new Windows out-of-band update also addresses a bug that caused print jobs to fail.  

"Addresses an intermittent issue with the print spooler service that may cause print jobs to fail. Some apps may close or generate errors, such as the remote procedure call (RPC) error," explains Microsoft.

And it appears that the printing issue was caused by the patch for the IE flaw.

"To address a known printing issue customers might experience after installing the Security Updates or IE Cumulative updates that were released on September 23, 2019 for CVE-2019-1367, Microsoft is releasing new Security Updates, IE Cumulative Updates, and Monthly Rollup updates for all applicable installations of Internet Explorer 9, 10, or 11 on Microsoft Windows," Microsoft explained in its original advisory.

Another fix the new update addresses is an error that occurred when users install Features on Demand, such as .Net 3.5.

Microsoft also stressed that the current required update doesn't replace the upcoming October Patch Tuesday on October 8.

The new required security update is available for all supported versions of Windows 10, Windows 8.1, and Windows 7. Microsoft is recommending that users install this update as soon as possible and restart their PC to fully apply the mitigations.  

source
« Last Edit: October 05, 2019, 01:05:16 AM by javajolt » Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page October 06, 2019, 08:21:17 PM