Patch Tuesday preliminary report: Looks like the fourth time’s a charm

All we had to do was wait. 

If you recall, on Sept. 23 Microsoft posted manual patches for the CVE-2019-1367 Internet Explorer zero-day hole, and the blogosphere went wild with warnings of imminent doom. Predictably, we haven’t seen any real-world attacks, but the bugs those patches introduced were very real. 

On Sept. 24, we saw those same buggy patches in a different form — melded into “optional, non-security” cumulative updates and “Monthly Rollup Previews” for all versions of Windows. (The 1903 patch, buggy as all the rest, arrived on Sept. 26.)

Apparently unsatisfied with the “optional” nature of all the patches to that point, on Oct. 3, Microsoft pushed a massive series of out-of-band real cumulative updates and Monthly Rollups. The bugs had a field day.

We discovered a description hidden behind a Microsoft E5 (read: $690/year) paywall that leads to a rather simple conclusion: If you don’t use Internet Explorer and set some other browser as your default browser, you’ll avoid the known IE infection vector “mostly around Middle Eastern and North African affairs.”

Tempest, meet teapot.

Copyright © 2019 IDG Communications, Inc.

