• Reported crash with the new out-of-band IE fix on Win7, KB 4483187

    Remember yesterday, when I warned you that these extreme out-of-band patches have a nasty habit of causing havoc?

    Reports of problems with the patches are starting to come in.

    @David Beroff reports:

    Why did my Windows 7 Home Premium (ver 6.1, build 7601, SP1) system start crashing as soon as KB4483187 was installed? I had about 5 crashes in as many hours, while I was trying to work with overseas clients, before I was able to go in and uninstall it. I don’t ever use MSIE, and would uninstall it if I could. No other software was installed recently, and my system is usually as stable as a rock. (The last time I had crashing issues, I narrowed it down to Google’s Backup and Sync, which is now only run manually at night, rather than on startup, but today it was not running at all during any of these events.) Thank you.

    @PKCano has a good first guess:

    My guess is that there is some conflict between the JavaScript files that were changed in the KB4483187 update and some program you are using on your computer.

    What browser are you using?
    What program(s) are you using when the crash occurs?
    What AV program do you run?

    I know that all of the experts are scurrying around like Chicken Little, telling you that you need to install this patch, like, right now.

    I don’t buy it. There have been no details released that I can find. Clement Lecigne of Google’s Threat Analysis Group, who reported the problem, hasn’t said anything publicly. Google’s TAG is quiet on the topic. No reports of infections.

    When the patching world goes silent like that, it usually means that we’re looking at a very limited vulnerability. It may turn into a monster at some point – but we aren’t yet at that point. The likelihood of having your machine clobbered, in my opinion, is much higher than the likelihood of you hitting this particular security hole.

    Hang on. Although you’ll have to patch sooner or later, you don’t need to do it right now. My best advice is to stop using IE. Yes, I know that security holes in IE can be exploited other ways because IE is still woven into Windows. But the worst offender — Outlook rendering of formatted emails with the IE engine — was plugged many years ago. I haven’t heard of any direct infections through IE. And it’s a big step from an IE exploit to an infection via other means.

    We’re still at MS-DEFCON 2 for a reason.