Microsoft releases emergency IE patches inside ‘optional, non-security’ cumulative updates

Microsoft releases emergency IE patches inside ‘optional, non-security’ cumulative updates




I’ve seen a lot of confusion about the security hole known as CVE-2019-1367 and what normal Windows customers should do about it. Part of the reason for the confusion is the way the fix was distributed – the patching files were released on Monday, Sept. 23, but only via manual download from the Microsoft Update Catalog.

On a Monday.

In the past few hours, Microsoft released a hodge-podge of patches that seem to tackle the problem. They’re “optional non-security” and “Monthly Rollup preview” patches, so you won’t get them unless you specifically go looking for them.

As a bit o’ lagniappe, if you use Windows Update to install the sky-is-falling IE patch, you’ll get a bunch of additional marginally-tested patches along for the ride.

Here are the most important Win10 patches that appear to contain the IE/CVE-2019-1367 fix:

  • Win10 1809 and Server 2019 KB 4516077 – build 17763.774.
  • Win10 1803 KB 4516045 – build 17134.1039.
  • Server 2016KB 4516061 – build 14393.3242.

I say “appear to contain” the fix because, as best I can tell, none of the documentation mentions CVE-2019-1367, the security hole that was fixed yesterday in an odd single-purpose cumulative update. These, too, are cumulative updates, but they’re specifically identified as “non-security updates.”

Copyright © 2019 IDG Communications, Inc.






Software

Leave a Reply

Your email address will not be published.