Time to install Microsoft’s mainstream September patches – and avoid the dregs

Time to install Microsoft’s mainstream September patches – and avoid the dregs

It’s a smelter-weight slapdown. 

In one corner you have the Chicken Little contingent, which insists that September’s IE zero-day patch must be important because Microsoft marked it as “Exploited: Yes” and memorialized it with an extremely odd patch on a Monday, followed in Keystone Kops fashion with a stumbling trail of follow-ons

In the other corner you have Dummies like me who say Microsoft obviously didn’t care that much about the security hole because it didn’t really push out a fix. If Microsoft were serious about the zero-day, the Dummies insist, it would’ve gotten its act together by now. Demonstrably, the act is still in progress.

And in the middle you have a billion or two Windows customers who really don’t care. They just want their computers to work and not suddenly get whopped by a WannaCry wannabe.

Welcome to Windows as a service.

Internet Explorer choices

With Internet Explorer usage share rapidly swirling down the drain, you might wonder why anybody would care about a patch for a zero-day bug in IE. The problem is that some security holes in IE can be exploited even if you aren’t using IE because Microsoft spreads IE plumbing throughout Windows. Fair enough. But Microsoft hasn’t said if the CVE-2019-1367 exploit can be harnessed even if you aren’t using IE. So the long and short answer is we don’t know if you really need to install the IE patch(es).

Copyright © 2019 IDG Communications, Inc.


Leave a Reply

Your email address will not be published.