• Patch Lady – the optional 1903 that includes the IE patch is out

    …and I’m not installing it.  Which is saying a lot since I’m an Enterprise Security MVP and normally understand why Microsoft does what they do to keep us safe even though I don’t agree with it all the time.

    Microsoft just released https://support.microsoft.com/en-us/help/4517211/windows-10-update-kb4517211

    And released a servicing stack update https://support.microsoft.com/en-us/help/4520390/compatibility-update-for-installing-windows-10-version-1903

    For those keeping track this is the “D” week release, meaning it’s optional…. HOWEVER…. this INCLUDES the out of band IE update released on 9/23 which was not released on Windows update or WSUS and is only available on the catalog site.  There are two side effects that have been noted and reproduced by several on the patching community (can’t install .net 3.5, and early reports of printing issues).   Support cases are still in the process of being set up so it will take a bit of time to get these documented as known issues or at least better understood if there are interactions going on with something else.

    I still can’t figure out why the out of band update is NOT on Windows update or WSUS and if Microsoft is THAT worried about it being a risk for all of us, then I’d say they need to get their act together and fix WU and WSUS as deployment mechanisms.

    This time I do not understand why Microsoft is not doing what they should do if they truly think we are at risk.  All they have done is let the attackers get the ability to understand the vulnerability and have not done their part to keep the masses safe from this risk.  Given that I do not see evidence of anything but targeted specific attacks and not rank and file mass attacks, I’m recommending that you not install anything that includes these out of band IE updates at this time.

    In the meantime, I too am starting to sound more and more like … “hey… you there.. get off my lawn”