News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Reported crash with the new out-of-band IE fix on Win7, KB 4483187

    Posted on December 20th, 2018 at 09:35 woody Comment on the AskWoody Lounge

    Remember yesterday, when I warned you that these extreme out-of-band patches have a nasty habit of causing havoc?

    Reports of problems with the patches are starting to come in.

    @David Beroff reports:

    Why did my Windows 7 Home Premium (ver 6.1, build 7601, SP1) system start crashing as soon as KB4483187 was installed? I had about 5 crashes in as many hours, while I was trying to work with overseas clients, before I was able to go in and uninstall it. I don’t ever use MSIE, and would uninstall it if I could. No other software was installed recently, and my system is usually as stable as a rock. (The last time I had crashing issues, I narrowed it down to Google’s Backup and Sync, which is now only run manually at night, rather than on startup, but today it was not running at all during any of these events.) Thank you.

    @PKCano has a good first guess:

    My guess is that there is some conflict between the javascript files that were changed in the KB4483187 update and some program you are using on your computer.

    What browser are you using?
    What program(s) are you using when the crash occurs?
    What AV program do you run?

    I know that all of the experts are scurrying around like Chicken Little, telling you that you need to install this patch, like, right now.

    I don’t buy it. There have been no details released that I can find. Clement Lecigne of Google’s Threat Analysis Group, who reported the problem, hasn’t said anything publicly. Google’s TAG is quiet on the topic. No reports of infections.

    When the patching world goes silent like that, it usually means that we’re looking at a very limited vulnerability. It may turn into a monster at some point – but we aren’t yet at that point. The likelihood of having your machine clobbered, in my opinion, is much higher than the likelihood of you hitting this particular security hole.

    Hang on. Although you’ll have to patch sooner or later, you don’t need to do it right now. My best advice is to stop using IE. Yes, I know that security holes in IE can be exploited other ways because IE is still woven into Windows. But the worst offender — Outlook rendering of formatted emails with the IE engine — was plugged many years ago. I haven’t heard of any direct infections through IE. And it’s a big step from an IE exploit to an infection via other means.

    We’re still at MS-DEFCON 2 for a reason.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums Reported crash with the new out-of-band IE fix on Win7, KB 4483187

    This topic contains 56 replies, has 23 voices, and was last updated by

     columbia2011 1 day, 20 hours ago.

    • Author
      Posts
    • #241499 Reply

      woody
      AskWoody Plus

      Remember yesterday, when I warned you that these extreme out-of-band patches have a nasty habit of causing havoc? Reports of problems with the patches
      [See the full post at: Reported crash with the new out-of-band IE fix on Win7, KB 4483187]

    • #241501 Reply

      Hopper15
      AskWoody Lounger

      You definitely warned us.  I’m glad I held off.

    • #241503 Reply

      woody
      AskWoody Plus

      P.S. This is exactly the kind of report I expect to issue with AskWoody Plus Alerts, once we have the mechanism in place. The Alert would contain the same content as this post, but I can update the AskWoody post as events unfold.

      3 users thanked author for this post.
    • #241508 Reply

      PKCano
      AskWoody Plus

      My XP VM is running Avast Free. This morning I installed KB4483187 for IE8 on it. Avast crashed – service would not start.

      I uninstalled KB4483187 – did not fix the problem.
      I downloaded and installed the current Avast installer (did not uninstall first) – Avast still crashed.
      System Restore did not run (not surprised).
      There are few AV programs that still run on XP. I will replace the VM with a backup and try several other things. Will report back with the results. I suspect it may be the javascript changes. Maybe Avast will fix the problem.

      Edit: See update below.

      • This reply was modified 3 weeks, 5 days ago by
         PKCano.
      8 users thanked author for this post.
      • #241512 Reply

        geekdom
        AskWoody Plus

        I wonder if there will be problems with all non-Microsoft anti-virus programs.

        Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
      • #241574 Reply

        warrenrumak
        AskWoody Lounger

        Far as I’m aware, this patch was only released for Embedded Standard 2009 and POSReady 2009.  Are you trying to apply a patch meant for Windows Embedded onto a standard Windows XP system?  If so, that’s probably why you’re having a problem.

        1 user thanked author for this post.
        • #241576 Reply

          PKCano
          AskWoody Plus

          No, I did the hack.

          1 user thanked author for this post.
      • #241597 Reply

        AJNorth
        AskWoody Plus

        Hello PKCano,

        Someone called me earlier today with essentially the same problem.  Cutting to the chase, I had them first uninstall KB4483187; then uninstall Avast using their Uninstall Utility (https://support.avast.com/en-us/article/10) and finally, as they still had their installation disc, run SFC.EXE /SCANNOW (which completed successfully).

        Instead of reinstalling Avast, Adaware Antivirus Free was installed, and everything seems to be working okay in the virtual XP.

        4 users thanked author for this post.
        • #241632 Reply

          AJNorth
          AskWoody Plus

          EDIT:

          Forgot to mention that all the XP security updates were successfully installed (including KB4471328).

      • #241600 Reply

        PKCano
        AskWoody Plus

        UPDATE   UPDATE   UPDATE

        Originally, Avast and Windows both updated.

        Rolled VM back to installed November updates. Uninstalled Avast. Ran Windows Update for Dec. XP runs fine with both KB4470199 and the 12/19 update KB4470199. Downloaded and installed the latest version of Avast – install did not work. Showed installed in “Add/Remove Programs'” and folder created in C:\Programs,  but no icon in the tray, no menu item, no icon on the desktop.

        Rolled VM back to installed November updates again. Allowed Avast to update the definitions and the engine. It was not successful, the service did not start, even without the Dec Win updates applied.

        Rolled VM back to installed November updates again. This time Avast updated the definitions but I did not allow it to update the engine. So far, so good. Installed KB4470199 manually, rebooted, still good. Installed the rest of the XP Dec updates including KB4470199, rebooted, everything still good.

        Conclusion: The December Windows Updates for XP are good. Avast runs on XP as long as the engine is not updated to the latest version.
        The EOL of the EOL of XP is about to expire in Jan 2019. Looks like it is about time to retire the XP VM.

        5 users thanked author for this post.
        • #241670 Reply

          BusinessSellCanada
          AskWoody Lounger

          PKCano … I run Win XP on a computer (actual – not virtual) with the registry tweak for POSReady2009 so that it gets all of the MS patches … and I’ve found that I can’t get AVAST to run with the engine above 18.3.  I kick myself every time I try to update the AVAST engine past that – both as an in-place engine update or as a full A/V install/re-install.  The AVAST UI service won’t start/run and the program says it doesn’t know why.  Trying System Restores and the uninstall/re-install of AVAST doesn’t seem to fix the problem.  The only thing that works is to use a Macrium Reflect image to image restore the whole harddrive to its original state.  I’ve decided that I can happily end my XP days with the AVAST 18.3 engine, which runs just fine and of course still gets AntiVirus signature updates.

          1 user thanked author for this post.
          • #241673 Reply

            PKCano
            AskWoody Plus

            @ajnorth says Adaware Antivirus Free will run without a problem. See his post above in this thread.

            1 user thanked author for this post.
            • #241717 Reply

              anonymous

              Is there a version of this update for the standard Windows XP home version (not XP VM or XP Embedded)?  If so, how do you find it?

              I know standard XP went out of support years ago, but Microsoft has issued a few sporadic patches for bigger issues impacting standard XP since then.

            • #241721 Reply

              PKCano
              AskWoody Plus

              The patches for POSReady are listed on the Microsoft Software Distribution pages, but I don’t believe they work on XP Standard.

    • #241514 Reply

      anonymous

      hmm… anyone else seen this issue with Windows 10 as well? We have had over a dozen users in the last 24 hours say their machines keep randomly restarting for no known reason!

      1 user thanked author for this post.
      • #241517 Reply

        Microfix
        AskWoody_MVP

        Which version(s) of W10 are you reporting?
        Do they have common denominator 3rd party AV or program?

        | W10 Pro x64 | W8.1 Pro x64 | Linux x64 Hybrids | XP Pro O/L
        • #241520 Reply

          geekhelptx
          AskWoody Lounger

          They all run Malwarebytes’ and Windows Defener
          They all seem to be on 10.0.17134.471

          • #241526 Reply

            Microfix
            AskWoody_MVP

            Welcome to the forum 🙂
            Have you tried disabling malwarebytes on one system to establish whether it could cause the reboots after applying the IE patch?

            | W10 Pro x64 | W8.1 Pro x64 | Linux x64 Hybrids | XP Pro O/L
            1 user thanked author for this post.
            • #241530 Reply

              geekhelptx
              AskWoody Lounger

              I have not had a chance… the machines literally reboot 2 or 3 times withing 20 minutes and then run normal after than so far.

              1 user thanked author for this post.
            • #241854 Reply

              geekhelptx
              AskWoody Lounger

              Finally figuring it out after a few days of being able to access the user’s machines.  On Windows 10, KB4483234 is the culprit.  It is failing to install and forcing a system reboot.  Then again failing to install and forcing a system reboot… repeat pattern…  Manually running updates has forced the install on 3 machines so far an this seems to correct the issue I was seeing.

              2 users thanked author for this post.
            • #241855 Reply

              Microfix
              AskWoody_MVP

              Thanks for the bootloop report,
              good to read you got it sorted.
              A festive unwanted gift from satya claus?

              Looks like this is happening elsewhere also, iceman994 on reddit:
              https://www.reddit.com/r/Windows10/comments/a8d1it/new_issue_with_2018_december_21st_update/

              | W10 Pro x64 | W8.1 Pro x64 | Linux x64 Hybrids | XP Pro O/L
              • This reply was modified 3 weeks, 4 days ago by
                 Microfix.
    • #241542 Reply

      Geo
      AskWoody Lounger

      Group A ,W7x64, home premium ,  AMD.    MSE and ADW cleaner.  I only use IE for updates the rest of the time I use Firefox.  No problems so far.

      • This reply was modified 3 weeks, 5 days ago by
         Geo.
      • This reply was modified 3 weeks, 5 days ago by
         Geo.
      • This reply was modified 3 weeks, 5 days ago by
         Geo.
    • #241549 Reply

      Speccy
      AskWoody Lounger

      At this point, no further details are publicly available regarding the vulnerability itself, but one could speculate that CVE-2018-8653 might very well be a revised, more thorough (or complementing) revision of the CVE-2018-8643 patch.

      If that is true, these kind of vulnerabilities seem to be exploiting (and bypassing) VBScript execution policies and the root cause of the reported crashes might, indeed, be a conflict between the updated libraries and third-party applications that are using the IE engine for rendering web content.

      In David’s case, apparently, that third-party culprit would either be Chrome (is he using the latest version?) or – more likely, especially after reading PKCano’s post – the AV (Bitdefender)…

      2 users thanked author for this post.
      • #241581 Reply

        David Beroff
        AskWoody Lounger

        My Chrome install uses the correct version 71.0.3578.98 (64-bit).  As for AV, I may not have been sufficiently clear in my earlier reply: I had to uninstall Bitdefender before any of this started.  I just double-checked now, and I couldn’t find any lingering services or processes from them.  Also, two of the five (or more?) crashes occurred before I even got a chance to start Chrome, i.e., very early in the bootup sequence.

        Still not a great sample size, but it’s now been a few hours without any crashes.

        Thank you, all, for your help and interest.

        3 users thanked author for this post.
        • #242161 Reply

          David Beroff
          AskWoody Lounger

          After a few days, my mean time between failures is about one day.  Admittedly, daily is better than hourly, but I’m still obviously not happy.  I did uninstall and hide KB4483187 that same day, although that doesn’t seem to have been enough, as this system used to be rock solid, and this Windows Update (and subsequent reversal) is literally the only thing that’s recently changed.  I did see that Windows created a Restore Point just before the installation; would that be of any help?  (I’ve never used those, as I really would prefer to not have to re-install everything on this machine.)  I’d be happy to delete MSIE if this was possible; it seems to be at the root of many issues, despite my never using it.  As mentioned before, the last time I had crashing issues, I’d narrowed it down to Google’s Backup and Sync, but again, that’s not running when these crashes occur.  Thanks in advance!

          1 user thanked author for this post.
          • #242197 Reply

            anonymous

            @david-beroff said:

            …I did see that Windows created a Restore Point just before the installation; would that be of any help?…

            Yes, that should restore your system back to the way it was immediately before the installation of KB4483187. That’s why Windows does these things: In the event something goes awry you’ll have a “fail-safe” place to fall back to. Or, at least you should if everything went well with the establishment of the restore point and you haven’t deleted any software that was already installed at the moment the restore point was created, from what I understand of the way restore points are supposed to work.

            • #244027 Reply

              David Beroff
              AskWoody Lounger

              Yeah, except that the Restore Point from the 20th doesn’t seem to actually be there. 🙁  Yes, permissions are set to allow them to happen, and yes, there is plenty of disk space configured and available.  An unrelated install created one on the 30th, but of course, that doesn’t help me.  Great; the one time I actually want/need such a facility, and it’s not available.  {sigh}

              On the plus side, random crashing has gone from daily to “only” once or twice a week.

              Is there any way to look at the logs and actually see what’s happening at the time it crashes?

    • #241553 Reply

      anonymous

      Well, Microsoft announced a well deserved holiday, so don’t expect any solutions soon

    • #241563 Reply

      banzaigtv
      AskWoody Lounger

      I’m running Windows 8.1, which rarely gets buggy updates, but I’m staying away from this patch. I use Chrome instead of IE anyway.

      i7-4790k, HyperX FURY 16 GB RAM, Galax GTX 980 HoF, Samsung 850 EVO 1 TB SSD, Windows 8.1 Pro 64-bit

      1 user thanked author for this post.
    • #241601 Reply

      woody
      AskWoody Plus

      Not only has the KB article been surreptitiously updated (incorrectly, it turns out), but there’s speculation now that the security hole was introduced by the November or December updates.

      More coming tomorrow in Computerworld.

      10 users thanked author for this post.
      • #241604 Reply

        geekdom
        AskWoody Plus

        Unless Beta Testing leave it alone?

        Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
      • #241605 Reply

        Mr. Natural
        AskWoody Plus

        Facepalm

        1 user thanked author for this post.
    • #241610 Reply

      BobbyB
      AskWoody Lounger

      Patch in haste repent at leisure having the usual sabaticle from patching until next year, hopefully New year new improved patching regime, he says in hope but not in expectation 😉

      1 user thanked author for this post.
    • #241611 Reply

      rontpxz81
      AskWoody Lounger

      I installed KB 4483187 on Win 7 64 bit this morning and no problems yet.  Don’t have Avast, but ran a few other programs and no crashes.

    • #241648 Reply

      Bill C.
      AskWoody Lounger

      Win7Pro-64_SP1 here, Group B, with all November patches applied w/o issues.
      Boy am I glad I always check here first when I get that feeling to patch a “serious” problem. I was going to install the IE updates. Saved again. BobbyB got it right in post #241610, “Patch in haste repent at leisure.”

      Probably unrelated, but on my machine on December 15th, Malwarebytes Premium threw the first of 3 errors regarding crashes at shutdown that involved ntdll.dll and mbamservice.exe. This is transparent unless you look at the logs or Action Center. Last night MB itself reported that the Webprotection Module was turned off. The issue is documented on their forum. Interestingly a colleague who is unpatched since May, also reported the MB issue.

      I know Group B patching is NOT cumulative, but are out of band fixes included in the next Security Only (Group B) IE patch (cumulative) or the monthly Group B patch the following month.

      • #241649 Reply

        PKCano
        AskWoody Plus

        The IE11 patches are cumulative. The out-of-band patch this month superseded the Patch Tuesday IE11 Update. And the Jan IE11 CU will contain KB4483187.

        5 users thanked author for this post.
        • #309937 Reply

          anonymous

          I did install KB 4480970 (monthly rollup; w7 32bit, https://support.microsoft.com/en-us/help/4480970) this weekend bit in release notes cannot find if kb4483187 is included?

          • #309971 Reply

            PKCano
            AskWoody Plus

            The chain of supersedence is through the IE11 CUs. 2019-01 IE11 CU KB4480965 replaces 2018-12 IE11 CU KB4483187. Since the 2019-01 SMQR contains the Jan IE11 CU, then CU KB4483187 is replaced by the Jan CU KB4480970.

            Er, you got that, right?

            • #310007 Reply

              anonymous

              Thank you!

      • #241658 Reply

        AJNorth
        AskWoody Plus

        FWIW, am also running MWB Premium on Win 7 Pro x64, but have not experienced any of the issues that you have related (at least so far…). The machine was fully patched about twenty-eight hours ago (“Group B”).

        1 user thanked author for this post.
    • #241677 Reply

      anonymous

      I’m not sure this fits here but seems related. I don’t use IE but some programs default to it and start it if you click help or info/about. When that happens I just close IE. It hasn’t happened in a while.

      I’m in group A and never install updates until given the go ahead. I have left my settings at check for updates but let me decide.

      This morning I was in an online game and had to leave the room for a bit. Windows rebooted when I was away and I couldn’t find a cause. I was checking things when it rebooted again. I ran malwarebytes and my virus scanner in safe mode and after I rebooted to normal mode. Everything was okay. I even scanned with stinger but found nothing.

      Tonight the computer seems okay but i have noticed several windowsupdatefailure3 events in event viewer. Could WU have caused the problems?

    • #241686 Reply

      anonymous

      My Windows 2008 R2 Server would not start after applying update above KB4483187. Please hold onto installing it. Having still a headache to bring the server back to life 🙁

      3 users thanked author for this post.
    • #241852 Reply

      anonymous

      Installed this fix on Win 7 32-bit SP1 and no problems.  Use Microsoft antivirus s/w so may explain things.  So far so good.

    • #242069 Reply

      OldBiddy
      AskWoody Lounger

      Chrome is my default browser and I haven’t used IE in years. But I wonder how is IE “woven into windows” even if you never use it? How does it impact the OS? I run Win 7, x64, Group A.

      • #242086 Reply

        anonymous

        Some of the behind-the-scenes files and methods that IE uses to display items on a web page are also used by Windows Explorer to display items on your computer.

        Also, if you look into file associations, you might notice that IE is listed as the go-to program for displaying certain file types, despite your use/choice of Chrome as your default browser for the internet.

        BTW I’m running Win7 SP1 x64. I doubt that there’s any difference between home, pro or any other version (enterprise, starter, etc.) when it comes to file associations.

        The above concept makes for a very good reason to keep IE updated with the current security patch(es) when we get the go-ahead by the raising of the MS-DEFCON level to 3 or higher.

        We’re currently at level 2 so, if you haven’t downloaded and installed it already, please don’t download and install the patch just yet. By the time we get the go-ahead, MS may have a newer version of the patch available that won’t crash anyone’s system. Stay tuned here to AskWoody for the latest info on the status of the IE out-of-band patch, and whether it’s safe to install or not.

        4 users thanked author for this post.
        • #242341 Reply

          OldBiddy
          AskWoody Lounger

          Thank you for this helpful response and advice, Anonymous. Succinct and comprehensible and I see why it’s important to keep IE updated. It’s really more than just a browser. Will definitely wait til Woody gives the go ahead before installing any patches though.

    • #242367 Reply

      anonymous

      Win 7 64 crashed on me a day after installing this. I don’t use IE. Could not boot up normally after that, crashed during boot. Booted into safe mode and did a restore to before the update and things have been working fine since.

      • #242376 Reply

        geekdom
        AskWoody Plus

        What is your anti-virus software?

        Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
    • #244040 Reply

      OscarCP
      AskWoody Lounger

      It is already the 3rd of January as I write this: Are there any further news about this problem? Would it be a good idea not to install the December IE patch now, but wait until late in January, in case of a possible out-of-band “re-patch” becoming available before or as late as then? Thanks.

      • #244050 Reply

        OscarCP
        AskWoody Lounger

        As a follow-on to the above question: I have KB 4483187 (some 50+ Mb) offered through Windows Update. I usually update as Group B. Should I ignore the offered update and download it instead from the Catalogue, or is it the other way around? I remember that something about this was advised some time ago, but now am not sure exactly what that advice was. Thanks.

        Group B, Windows 7 Pro, SP1 x64; I-7 “sandy bridge.”

    • #244127 Reply

      OscarCP
      AskWoody Lounger

      PKCano, Microfix and TSP: Thanks, you three, for your comments. I have just installed all the December updates (a total of 14 patches!, twelve of those offered by Windows Update and that have been declared OK in the Master Patch List, plus the Security Only and IE11 patches from the Catalogue) And all seems well.

      Although here is a thought for others who might also read this: Your mileage might vary, depending on what you have installed in your machine and what you do with it. I have noticed, for example, that people who do unusual things also seem to have unusual problems after patching. What is “unusual”, you might ask? That question is next in non-answerability to “what is truth?” You know who you are.

      Group B, Windows 7 Pro, SP1, x64, I-7 “sandy bridge.”

    • #244176 Reply

      anonymous

      I have two Windows 7 computers – both would lock up shortly after booting after the Dec. 11 (+/-) update.  I was able to get them both stable again with a System Restore back to an early restore point.  Then the IE update came out.  One computer I had turned off.  The other got the update.  That computer would only go to the BIOS screen.  I created a System Repair disk, the allowed me to get to a Command Prompt.  My C: drive could not be accessed (“Access Denied”).  My D: and E: drives were accessible.  The only way I have been able to get access to the C: drive contents was using a RAM based DVD ISO installation of Linux.  From there I was able to get the files I wanted.  However, it requires a complete new Windows ISO install.  Will probably upgrade to Windows 10.  Was using Windows 7 due to the elimination of WMC in Windows 10.  No help from the Microsoft techs via chat other than getting me an ISO copy of Windows 7.  Pretty pathetic.

    • #310504 Reply

      EP
      AskWoody_MVP

      It looks like installing the KB4483187 IE update does finally prevent Windows Update from offering old IE11 security updates like KB3185319, KB3175443. etc. (after I uninstalled KB3185319 from my Win7 & 8.1 computers) 🙂

      However KB4483187 will STILL be offered from Windows Update, even though KB4480965 IE update, KB4480960 for Win7 or KB4480964 for Win8.1 is installed. I don’t know why…

      • This reply was modified 1 day, 21 hours ago by
         EP.
      • #310538 Reply

        columbia2011
        AskWoody Plus

        Because of KB4483187 is cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based systems and consists of all previous IE updates.

        1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Reported crash with the new out-of-band IE fix on Win7, KB 4483187

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: