Heads up — Bug fix for IE coming out through Win10 cumulative updates, Win7 and 8.1

[woodyDa Boss]

Microsoft just posted CVE-2018-8653: Scripting Engine Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that the
[See the full post at: Heads up — Bug fix for IE coming out through Win10 cumulative updates, Win7 and 8.1]

7 users thanked author for this post.

Lori, rc primak, SoulAsylum, rontpxz81, Elly, GreatAndPowerfulTech, geekdom

[anonymous]

I can’t remember the last time I’ve used IE. It’s been that long.

[anonymous]

What Should I be using if not IE? Firefox, WaterFox, Chrome, GTbroswers, or IE.

[woodyDa Boss]

Any of the above. All of the above.

I use Chrome and Firefox side-by-side, all day, every day, with an occasional run through Edge.

[anonymous]

Since most noobs stick with Chrome, there’s hardly any attack against IE these days — making IE the most secure Web browser. If you like IE, keep using it.

1 user thanked author for this post.

Barry

[anonymous]

Informed comment there probably from a noob.

[anonymous]

I’d just like to point out that .. in some cases, IE is activated by Windows. Case being mine. I don’t even consider using Chrome. Who would? Google has more data than the NSA and the CIA combined, just from users inputs in their search engine lol .. imagine what Chrome is allowing/preventing. Anyways. Is it possible that, just maybe, this update is critical to some people, or was. Before they were hacked. Every device on the network except the Xbox One. And I’ve not once opened IE. True enough, that just means I already had something in there from one of these other exploits we’re hearing about (Intel vulnerability, ASUS router exploit)  which are fixed after the damage is done to some people. I’m all for the update but Microsoft needs to tighten up. I needed it a month ago. I needed the ASUS fw patch back before I got infected.

Edit to remove HTML

[radosuafAskWoody Lounger]

Firefox is cool. I use it :).

MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1809 64-bit

[OscarCPAskWoody Plus]

Thanks. Now, this is probably a very naive question, as I do not use Windows 10, but can one run IE on Windows 10? I’ve understood (for no particular reason) that it was Edge the only MS browser that can be run there. And if one can, is it the same IE11 version as for Windows 8.1?

[PKCanoDa Boss]

I think the title of the blog post give you the answer.

2 users thanked author for this post.

rc primak, WildBill

[OscarCPAskWoody Plus]

Thanks, but not really the whole answer: is it the same version as for Windows 8.1, or a different one?

[woodyDa Boss]

Under the covers it’s likely different, but for all intents and purposes, IE on Win10 is very similar to IE on Win7 and 8.1.

7 users thanked author for this post.

abbodi86, walker, cesmart4125, Great Lake Bunyip, OscarCP, WildBill, geekdom

[Mr. NaturalAskWoody Plus]

IE is in Windows Accessories on the start menu in Windows 10.

I only use IE at work for a few legacy apps. Unfortunately we do have users in the office still using IE. Chrome is on all installs and I tell folks to use it when they call me with IE issues.

Not disclosed yet so I’ll wait and see what happens with this one.

Red Ruffnsore reporting from the front lines.

[mn–AskWoody Lounger]

Legacy apps unfortunately including such as, some Sharepoint Online integration features … and local-only tools like RAID, NAS and even network device management for certain hardware (honestly, couldn’t they just write either a browser-agnostic tool or a proper application?)…

Really, with the odds being that IE is the only browser left on most systems that can run integrated Java applets and Java applets also being the only way to configure some of those…  even on this year’s hardware models occasionally.

Or I suppose you could rig the Hyper-V host server to multiboot Linux on the bare hardware and use the custom drivers and unofficial opensource command line tool every time you need to rearrange RAID volumes for a guest VM… because even the cold-boot firmware RAID setup UI doesn’t have access to some of the settings.

(Why yes, I do have a copy of the last ESR 52.x Firefox stashed away too…)

[anonymous]

Is this the type of update that you have to click “Check for updates” to get? Or will it come rolling down unless you have updates blocked in some way (metered connection, wushowhide, etc.)?

[bhenAskWoody Lounger]

it arrived automatically for me and it’s listed in the catalog as a Security Update instead of just an “Update” (like other non-patch day updates)

[anonymous]

It’s a security update so it should come down either way.

One can also download it from the catalog site and manually install it but, as always, those using this method must make sure to first install the latest Servicing Stack Update (SSU). There is no new SSU with this Latest Cumulative Update (LCU) but if this is the first time you’re updating this month and you choose the manual method, be sure to first apply the associated SSU released earlier in the month. The KB article for each version of the Win10 LCU has the details.

[PKCanoDa Boss]

There were two new SSUs in December for 1709 (KB4477136) and 1803 (KB4477137). The download links are on the main blog page for Dec 2018 Updates. The rest of the SSUs are older and should already be installed

3 users thanked author for this post.

rc primak, walker, woody

[anonymous]

I never use IE but some programs use it even if you have set another browser as default.

I wish there was a way to block IE being accidentally accessed through those programs. Sometimes it is as simple as clicking on “about” or “help” in the program interface and IE starts up and must be closed.

This is annoying.
firemind

[bhenAskWoody Lounger]

If you’re at risk of being tricked into using IE, you should probably let this download and install.

As someone on 1803, when I saw a folder with files show up in SoftwareDistribution on a Wednesday, I was expecting “automatic 1809 update”, not “security update for 1803”. (Yeah yeah, the 1809 update files probably land somewhere else when they arrive, right?)

[abbodi86AskWoody_MVP]

Waiting Win 7/8.1 Preview Rollups 🙂

[woodyDa Boss]

OK, but there won’t be any this month. See the last section here:

https://www.computerworld.com/article/3327564/microsoft-windows/patch-tuesday-breaks-records-some-good-most-bad-and-check-for-updates-still-stings.html

6 users thanked author for this post.

rc primak, walker, abbodi86, Elly, Great Lake Bunyip, WildBill

[abbodi86AskWoody_MVP]

Oh yes, holidays 🙂

luckily we have new IE cumulative now in WU, after nearly 3 years of last one 😀

[DrBonzoAskWoody Plus]

I wonder if this effectively makes the WIN 7 December Rollup a new patch? I was just at the support page for the Rollup and it was last updated Dec 11. That would imply that even Group A folks would need the new IE Patch. But at some point every Win 7 (and maybe Win 8.1 and 10 as well) user will need the IE 11 patch whether they browse with IE 11 or not since IE 11 is part of the OS.

[StoopidMonkeyAskWoody Lounger]

According to my WSUS server Win7/8/2008R2 machines got a new Cumulative IE patch (leaving the OS rollups intact) but all newer OS’s had to get a whole new Cumulative OS rollup since IE updates are now bundled with them.

[anonymous]

I am seeing the patches show up on our WSUS servers, but NOT seeing the patches offered when running a WindowsUpdate client check connecting to Microsoft.

And FWIW the patches are listed as available in the Update Catalog.

I’m not sure why they are not showing up via WindowsUpdate client 3+ hours after they showed up on the WSUS servers.  That is not the usual behavior.

However it does make me wonder if they have already been pulled from Windows/Microsoft Update web site.

Jim

[anonymous]

Does theis new IE cumulative SEC Patch(KB4483187) negate having to install KB4470199 the regular Dcember IE cumulative SEC Patch I have one of my 4 laptops already updated for the Dec 2018 patches and the other 3 are still waiting to be patched for Dec 2018. I’d like to have to install as little as possible from Microsoft if possible.

1 user thanked author for this post.

WildBill

[AJNorthAskWoody Plus]

Does the new IE cumulative SEC Patch (KB4483187) negate having to install KB4470199 the regular December IE cumulative SEC Patch

 

Hello,

The answer is yes; KB4471328 supersedes KB4470199 (please see https://support.microsoft.com/en-us/help/20181219/security-update-deployment-information ).

[ashfan212AskWoody Lounger]

The support page for the Windows 7 patch recommends verifying the jscript.dll version after installation of the patch. Does anyone know in which directory jscript.dll resides or whether there is a better way to verify the version of the file?

[DrBonzoAskWoody Plus]

It’s in Windows/system32. Just hover your cursor over the file name and you’ll see the version.

2 users thanked author for this post.

cesmart4125, ashfan212

[anonymous]

c:\windows\system32

On a 64 bit system, there should be a new one in:

c:\windows\syswow64

1 user thanked author for this post.

ashfan212

[PKCanoDa Boss]

AKB2000003 has been updated on 12/19/2018 to include the out-of-band KB 4483187 IE11 Cumulative Update for Group B and anyone else who needs to download it.

This update replaces KB4470199 2018-12 Cumulative Security Update for IE11.

(For those of you still running XP, you will need this patch as well. Thanks to @? says)

11 users thanked author for this post.

Lori, rc primak, walker, Microfix, Speccy, LTL, abbodi86, Elly, WildBill, Hopper15, woody

[anonymous]

Per the MSRC blog post this has been seen by Google in targeted attacks.  Malware can pull a specific instance of a browser and thus even if you aren’t using IE, malware could target it.  So don’t blow this off if you (or your firm) think you might be in one of these targeted attacks.  I am seeing the IE patch on my 7 so they haven’t pulled them.

[PKCanoDa Boss]

I am seeing the update now in Windows Update (4:00pm CDT US 12/19/2018)

1 user thanked author for this post.

Hopper15

[Hopper15AskWoody Lounger]

PKCano wrote:

I am seeing the update now in Windows Update (4:00pm CDT US 12/19/2018)

Same here. I just hid it.

[warrenrumakAskWoody Plus]

Attacks like this are demonstrative of why it’s important to leave UAC turned on.  I know lots of smartypants-types turn UAC off because they don’t like being nagged to elevate privileges….. but the point is to ensure that processes like Internet Explorer that don’t need to be an Administrator, ever, are not running with the Administrator token by default.

 

1 user thanked author for this post.

BobbyB

[GoneToPlaidAskWoody Plus]

While I totally agree that everyone should keep the annoying UAC enabled, it appears that in this case UAC won’t protect you if you are logged in with admin account privileges.

1 user thanked author for this post.

rc primak

[anonymous]

Updated IE11 on a Windows 7 machine and it required a reboot and seemed to install fine via Windows Update.

Attempted to update a Windows 8.1 machine and it seemed to install, but strangely didn’t require a reboot.  Checked Windows history and it indicates being installed but when I open IE11 to check the most recent IE security update it’s still showing Dec 11 KB4470199 as being installed.  Uninstalled and tried again using Windows Update and still the same result.  Tried a manual installation via the catalog download and it still showing the same.

Is there anyway of showing whether this update installed correctly?

[PKCanoDa Boss]

The MS pages on KB4483187 Cumulative Update for IE11 say this:

After you install this security update on a computer that is running Windows Server 2012 R2 or Windows 8.1, the About Internet Explorer 11 dialog box will show KB4470199 (the December 11, 2018 security update for Internet Explorer) instead of KB4483187. Users can confirm they are protected by verifying that the version of jscript.dll is 5.8.9600.19230.

6 users thanked author for this post.

rc primak, LTL, abbodi86, GoneToPlaid, Great Lake Bunyip, woody

[anonymous]

Thanks, PK.

[woodyDa Boss]

There’s a workaround published in the CVE article:

Workarounds

Restrict access to JScript.dll For 32-bit systems, enter the following command at an administrative command prompt:

	cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:

	cacls %windir%\syswow64\jscript.dll /E /P everyone:N

Impact of Workaround. By default, IE11, IE10, and IE9 uses Jscript9.dll which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilizes jscript as the scripting engine.

How to undo the workaround. For 32-bit systems, enter the following command at an administrative command prompt:

	cacls %windir%\system32\jscript.dll /E /R everyone

For 64-bit systems, enter the following command at an administrative command prompt:

	cacls %windir%\syswow64\jscript.dll /E /R everyone

2 users thanked author for this post.

rc primak, Great Lake Bunyip

[deuce120AskWoody Plus]

Woody,

You posted workarounds that were listed in a CVE article posted on a Mircosoft website. I get alerts from Microsoft when new articles, updates, etc are posted. The crazy thing is if I click on link on the to the CVE article, CVE-2018-8653, it takes me to different article than the one your link does. The second one does not list any workarounds – stated as no known worlarounds. That link is https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653.

Goes to show that Microsoft has some serious issues and we are suppose to “trust” them.

Thanks for all the great information that you and others provide.

[PKCanoDa Boss]

The Workaround has been changed. As of 12/22/2018 see #242004 for the changes.

[anonymous]

Yeah, Microsoft realized that you can’t change or edit the access control list of certain files without being the owner of them in the first place, so they added the command to take ownership of the jscript.dll file. The file’s original owner is the TrustedInstaller.exe program, which runs a good portion of Windows Update.

[anonymous]

? says:

thanks for the “workaround,” Woody! the patch updates all 3 jscript().dlls to version 5.8.9600.19230 12-13-2018…

[fernladyAskWoody Lounger]

I checked for updates and KB4483187 came in so I hid it. I’ll keep reading till I figure out if I should install it.

Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller

[GeoAskWoody Plus]

Group A,  Win7x64, Home premium, AMD.  KB4483187.    I use IE to install updates.  other then that I use Firefox.  No problems.

[anonymous]

So is this an extreme urgent one? Don’t use IE at all, always wondered why I can’t uninstall it. Hope I can pospone it for a week or so since we’re packing up for the holidays and prepare for a long trip. Just shut down, backed up and imaged laptops we take. I am not very keen to start them again with all kinds of risks involved… :-/ Sorry for the question, but don’t know if I should be nervous about this one.

[GoneToPlaidAskWoody Plus]

Given that MS is pushing this IE update to everyone via Windows Update, instead of as usual bundling this update in MS’s telemetry laden monthly rollups, yeah, you should take this one seriously.

[anonymous]

Tnx, I was afraid of that already 🙁 I have so extremely enough of Windows 10 you can’t imagine that. Ok, so the first time we fire up those laptops at our destination, they will start updating. Absolutely wonderful thought. Why on earth can’t we install stuff we don’t need, it would save such a lot of hassle. The sad thing is that some hours ago we checked for updates, none were found, while this one was released some hours before this check. Even just before Christmas Microsoft rolls out nasty surprises, so demotivating. We’ll hope the next time we switch on those laptops, the updates will be installed smoothly.

[anonymous]

But Woody saying we should avoid installing it.

[anonymous]

Update came through on XP for IE8.  Installed – no problem noticed.

[GoneToPlaidAskWoody Plus]

XP virtual machine within IE8?

[abbodi86AskWoody_MVP]

Side notice: a flood of new KB articles about privacy in Windows 10

https://support.microsoft.com/en-us/help/4459081/general-privacy-settings-in-windows-10-microsoft-privacy
https://support.microsoft.com/en-us/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy
https://support.microsoft.com/en-us/help/4468228/windows-10-app-diagnostics-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468229/windows-10-apps-and-services-activity-on-the-privacy-dashboard-microso
https://support.microsoft.com/en-us/help/4468240/windows-10-location-service-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468247/windows-10-privacy-settings-that-apps-use-microsoft-privacy
https://support.microsoft.com/en-us/help/4468227/windows-10-activity-history-and-your-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468232/windows-10-camera-microphone-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468230/windows-10-background-apps-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468235/windows-10-eye-tracking-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468243/windows-10-motion-data-and-privacy-microsoft-privacy
https://support.microsoft.com/en-us/help/4468234/windows-10-desktop-apps-and-privacy
https://support.microsoft.com/en-us/help/4468239/location-activity-on-the-privacy-dashboard-microsoft-privacy
https://support.microsoft.com/en-us/help/4468231/browsing-history-on-the-privacy-dashboard-microsoft-privacy

1 user thanked author for this post.

Elly

[Hopper15AskWoody Lounger]

anonymous wrote:

So is this an extreme urgent one? Don’t use IE at all, always wondered why I can’t uninstall it. Hope I can pospone it for a week or so since we’re packing up for the holidays and prepare for a long trip. Just shut down, backed up and imaged laptops we take. I am not very keen to start them again with all kinds of risks involved… :-/ Sorry for the question, but don’t know if I should be nervous about this one.

“Way-out-of-band patches like this one have a nasty history of blowing up” Like Woody said I would avoid it.

[anonymous]

Hi! Thanks, I just wanted to avoid wild adventures around Christmas. Anyway, my laptops don’t find this patch anyway (see post below)…

[anonymous]

I got lost. Just to avoid a nasty surprise during Christmas, I decided to fire up my laptop in the middle of the night. It didn’t find the update. Neither did another laptop. And yes, I even dared to click this dreaded seek for updates-button, several times even. Both systems are on 1803, Semi Annual Channel, 365 days deferral of feature updates and 0 days deferral of quality updates. Could that have anything to do with it? I have a vague memory of not getting some other out of band updates in the past either, but not sure. Also I never get those extra non-security updates seperately (not that I miss them). The updates from patch Tuesday I always pick up. Same behavior on all systems which have no exotic software or drivers.

Or is this specific update/patch withdrawn already? Saw some complaints on Reddit regarding hanging black boot screens and some other weird things.

Anyway: should I as someone who defenitely never uses IE worry about this at all, actually…? I assume that I get the patch included in January’s cumulative updates, so yeah… Manually installing updates I never did in my life and I don’t feel comfortable doing that now either to be honest. I am just an average user, not an IT-expert.

[anonymous]

The IE update automatically downloaded for me and keeps prompting me to install. it’s not worth the risk of delaying it. I am not an IT Pro though – just IMHO.

[Nibbled To Death By DucksAskWoody Plus]

According to Ars Technica,

“Windows users should ensure their computer installs the update as soon as possible, even if they don’t normally use IE to browse sites.”

Woody says not to patch.

The article seems to infer (it’s the last sentence) that MSFT has decreed this. It’s not clear if this is the opinion of the writer or MSFT.

Can anyone decipher this? I hate it when two security sources I trust seem to disagree.

https://arstechnica.com/information-technology/2018/12/microsoft-issues-emergency-update-to-fix-critical-ie-flaw-under-active-exploit/?comments=1&start=40

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
--
"...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

[radosuafAskWoody Lounger]

Does not show up in WU with 7 days quality updates deferral set.

MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Aorus Radeon RX 570 4GB * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 10 Pro 1809 64-bit

[anonymous]

KB4483187. W7 64 Home Premium. FF64.
Installed. Reboot. OK.
I’ve IE11 permanently inhibited in ‘Add/Remove Features’.

Merry Christmas & Happy New Year !

HAPPY HOLIDAYS DON’T CUT IT !

[anonymous]

This is REALLY disgusting: you have to set the deferral of feature updates to 0 days or otherwise the update doesn’t appear. How low can you go, Microsoft? This is a SECURITY update, NOT a feature update!!!!

[numikeAskWoody Lounger]

Microsoft issues emergency update to fix critical IE flaw under active exploit

https://arstechnica.com/information-technology/2018/12/microsoft-issues-emergency-update-to-fix-critical-ie-flaw-under-active-exploit/

[LTLAskWoody Plus]

Given the fact that I personally don’t know to what extend IE is embedded in the OS and therefore endangering system wide safety, I decided to install KB 4483187 on my Group B Win7 X64 system.
All seems well.

Thanks always @woody @pkcano

**** Happy days to all ****

[geekdomAskWoody Plus]

Beta Test
Reporting on Windows 7 x64 update

– KB4483187 installed without error and the system rebooted without error.
– Firefox 65.0b5 (64-bit) in use.

Group G{ot backup} TestBeta
Win7Pro·x64·SP1·i3-3220·HDD·Microsoft Security Essentials·Windows Backup·Windows System Image·Windows Rescue Disk·Windows Firewall

[MicrofixDa Boss]

Win8.1 Pro x64 (2 devices)
no restart required after patch installation (did one anyway, habit)
no errors in event viewer pre/ post restart.
Don’t use IE, although this is integral to OS and important.
No issues with patch.
Leaving it off W10 1803 and XP for now..

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

[SpeccyAskWoody Lounger]

As PKCano correctly pointed out, besides updating version numbers, the only major differences between KB4483187 (datetime stamped Dec 15, 2018) and KB4470199 (datetime stamped Nov 14, 2018) are in the specific vulnerability being patched – namely, the mshtml.dll HTML Viewer library (both 64/32 bit versions) and the jscript.dll (both 64/32 bit versions) and jscript9.dll (64-bit version) JScript engine libraries.

NOTE: Incidentally, that could also mean that the proposed workaround might not fully cover the vulnerability on 64-bit systems…

There are a few other minor differences (the 32-bit iedkcs32.dll, iexplore.exe and sqmapi.dll files have updated its embedded certificates) but these are, from a functional point of view, irrelevant: basically, KB4483187 is an updated version of (replacement for) KB4470199, patching the specific, Javascript-related vulnerability.

[David BeroffAskWoody Lounger]

Why did my Windows 7 Home Premium (ver 6.1, build 7601, SP1) system start crashing as soon as KB4483187 was installed?  I had about 5 crashes in as many hours, while I was trying to work with overseas clients, before I was able to go in and uninstall it.  I don’t ever use MSIE, and would uninstall it if I could.  No other software was installed recently, and my system is usually as stable as a rock.  (The last time I had crashing issues, I narrowed it down to Google’s Backup and Sync, which is now only run manually at night, rather than on startup, but today it was not running at all during any of these events.)  Thank you.

2 users thanked author for this post.

cesmart4125, woody

[PKCanoDa Boss]

My guess is that there is some conflict between the javascript files that were changed in the KB4483187 update and some program you are using on your computer.

What browser are you using?
What program(s) are you using when the crash occurs?
What AV program do you run?

3 users thanked author for this post.

David Beroff, Microfix, woody

[David BeroffAskWoody Lounger]

Thanks for the reply, @pkcano.  Each time, I was only using Chrome and sometimes Notepad.  Would Chrome even use any of MSIE’s JS?  I was finally able to uninstall (and “hide”) the update, and have had zero crashes, although admittedly, it’s only been an hour so far.  I’ll be more certain when I can go a week or longer.  I was most-recently using Bitdefender, but it was sucking up way too many resources, which were directly interfering with my overseas work, so I had to turn that off, and haven’t yet had a chance to replace it.

1 user thanked author for this post.

woody

[woodyDa Boss]

Please keep us posted over here.

Thanks!

1 user thanked author for this post.

David Beroff

[anonymous]

Windows 7 Pro x64 – After waiting overnight to let this settle, I installed KB4483187 requiring a re-start, all OK.
While I ususally await on Woody, in this instance it doesn’t seem the extreme risk is worth a lengthy wait on one critical security IE update. The normal wait period is usually justified by there is nothing critical, or no known exploits of a pending update fix. In this case neither is correct.
Based on my and others here, as well as other sites reported install success – I suggest you install but it is ultimately up to each individual.

Risk <-> Reward

[woodyDa Boss]

True on all counts. The problem is that I don’t see any in-the-wild reports of infections.

The PC security industry has a long, sordid history of “Sky is falling” warnings that fail to live up to their initial billing.

1 user thanked author for this post.

Microfix

[MicrofixDa Boss]

woody wrote:

The PC security industry has a long, sordid history of “Sky is falling” warnings that fail to live up to their initial billing.

Need I mention ‘Meltdown’ and nothing in the wild a year later..

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

[mn–AskWoody Lounger]

Still haven’t seen any specific reports about this one in the wild, but the local national cybersecurity authority did have an official warning up about it being used in specifically targeted attacks…

Oh well. Guess it isn’t a high priority thing as long as you aren’t a target, then? (Note, no information on target grouping seems to be publicly available. Anyone want to throw wild guesses about likely targets?)

[SoulAsylumAskWoody Lounger]

For some time now, my Dell laptop would open 3 separate instances of IE on its own, without any interaction at boot time. Since the emergency release update yesterday this has also been corrected. Nice seeing that small annoyance disappear. Happy holidays to everyone!!

Cheers

[Nibbled To Death By DucksAskWoody Plus]

Bit The bullet, as Ars Tech article went on to say:

“As the flaw is being actively exploited in the wild, users are urged to update their systems as soon as possible to reduce the risk of compromise,” Narang said.

I went for it.

So far, no issues.

YMMV.

I hate it when reports of “In The Wild” are non-specific, but thought reports of install success were important too…  ?

https://arstechnica.com/information-technology/2018/12/microsoft-issues-emergency-update-to-fix-critical-ie-flaw-under-active-exploit/?comments=1&start=40

 

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
--
"...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

[Nibbled To Death By DucksAskWoody Plus]

Sorry…the comments from Narang about it being in the wild were from Krebs at:

https://krebsonsecurity.com/2018/12/microsoft-issues-emergency-fix-for-ie-zero-day/

My bad. 🙁

But when it’s on Krebs….<sigh>..remember when having a PC, and the Internet was fun?

Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
--
"...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

1 user thanked author for this post.

Steve

[anonymous]

IDK what all the fuss is about ? Do I install or not install ? What do I do ?

[MicrofixDa Boss]

We are at MS-DEFCON 2 so the AskWoody advice is to do nothing until the rating rises to 3 or above 🙂

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

[anonymous]

I dont readily see any commentary regarding any problems with the update for IE for Windows 10 Pro v1803.

Did I miss it or is all going well?

[PKCanoDa Boss]

Win10 don’t get IE11 CUs. There is a whole new CU for each supported version of Win10. If you have 1709 or 1803 and have not done the December Updates, there is a new SSU you will need to install first. Links to the SSUs ate on the main blog page about DEFCON.

[anonymous]

Now I’m really confused.  Running Windows 10 Pro x64 ver 1803 – Group A, Group Policy 2

My Quality Update 10 day hold just gave me KB4471324 (12/11 update) which I was going to hide pending Defcon Rating 3.  There was also mention of an SSU KB4477137, but normally SSU’s are automatically installed with/before an update installed thru Windows Update (ie: not a manual install).

This post then shows a KB4483234 for ver 1803 and you mention a new SSU.

So, should I still hide KB4471324?

Should I set my Quality Update hold to 0 days and will KB4483234 come down? Or should I leave QU at 10 days and wait it out?  Will this KB supercede KB4471324?

When KB4483234 comes down, should I install it or hide it pending Defcon Rating 3?

If I allow installation via Windows Updater, do I need to manually install a SSU? And is it KB4477137 or is there a newer SSU?

[anonymous]

there is a new SSU you will need to install first. Links to the SSUs ate on the main blog page about DEFCON.

Sorry but where is “the main blog page about DEFCON.”

[MicrofixDa Boss]

What PKCano is saying is, the links to the SSU patches are in Woody’s Blog:

December 2018 Patch Tuesday is under way

For those of you with Windows 10, there are new Servicing Stack updates:
Win10 1709 Build 16229.846 KB 4477136
Win10 1803 Build 17134.471 KB 4477137

********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

1 user thanked author for this post.

BobbyB

[anonymous]

Microfix, thanks for the clarifications.

Could you or PK pls answer my other questions regarding bringing down, holding, and when to install the KB’s, and whether allowing Windows Updater to install the CU KB’s requires a manual download and install of the SSU beforehand.

[PKCanoDa Boss]

We are on DEFCON2 = WAIT

2 users thanked author for this post.

Microfix, BobbyB

[geekdomAskWoody Plus]

Further information regarding December patches is now here:

Where we stand with the December patches

Group G{ot backup} TestBeta
Win7Pro·x64·SP1·i3-3220·HDD·Microsoft Security Essentials·Windows Backup·Windows System Image·Windows Rescue Disk·Windows Firewall

[anonymous]

– There are still a number of programs that use some parts of Internet Explorer. E.g. the rendering machine/engine.

[Author]

Posts