By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Microsoft has issued an out-of-band required update for all versions of Windows, rounding out the patch it released on September 23 to address an already-exploited flaw in Internet Explorer. Initially, Microsoft only released the out-of-band patch for CVE-2019-1367 on the Microsoft Update Catalog, which users needed to manually download. But Microsoft has now released it through Windows Update and Windows Server Update Services (WSUS) to distribute it more widely to end-users. "This is a required security update that expands the out-of-band update dated September 23, 2019," Microsoft warns users. The decision not to release the patch through Windows Update and WSUS caused some confusion. Why create a patch and then not distribute automatically to all Windows users until now?  The IE scripting engine flaw was found by Clement Lecigne of Google's Threat Analysis Group, and Microsoft raced out the patch within days. It's likely that the vulnerability was being used to target a narrow section of Windows users. It's also not clear how much time Microsoft was able to spend regression testing its patch before releasing it. Lecigne also discovered a publicly-unknown bug in Chrome and one affecting Windows 7 in February. The flaws were being used in tandem to attack targeted users. Google released a patch for Chrome and disclosed the existence of the Windows 7 flaw before Microsoft was able to release its patch. At this stage, Lecigne has not published any details about the IE flaw. The new Windows out-of-band update also addresses a bug that caused print jobs to fail. For more turn to OUR FORUM

 

Translate