Manual step is needed to fix CVE-2017-8529 after installing September updates

Topic

New Reply

From CVE-2017-8529 | Microsoft Browser Information Disclosure Vulnerability:

“To address known print regression issues customers may experience when printing from Internet Explorer or Microsoft Edge after installing any of the June security updates, monthly rollups, or IE cumulative updates, Microsoft has released the following September security updates: Internet Explorer Cumulative Update 4036586; Monthly Rollups 4038777, 4038799, 4038792; Security Updates 4038781, 4038783, 4038782, and 4038788 for all affected editions of Microsoft Edge and Internet Explorer when installed on supported editions of Windows. Please note that with the installation of these updates, the solution to CVE-2017-8529 is turned off by default to help prevent the risk of further issues with print regressions, and must be activated via your Registry. To be fully protected from this vulnerability, please see the Update FAQ section for instructions to activate the solution.“

1 user thanked author for this post.

DrBonzo

Reply | Quote

Replies

Instructions in the link in the first post have been updated.

2 users thanked author for this post.

DrBonzo, woody

Reply | Quote

I missed this until just now.

If I install any of the September updates listed above in the quoted material, then I’ve made myself vulnerable to CVE-2017-8529 and the only way to then protect myself from this CVE is to go into the registry and modify it at my own risk. Is that correct!!??

And to make matters worse, apparently KB4038777 (Rollup for Win7) and KB4036586 Security update for IE11 on Win 7) may also potentially disable IE 11, and since I have a Dell, potentially break the activation (to be honest, I’m not really sure what that means or what the symptoms are but it sounds like my Win7 license will no longer be recognized).

I don’t consider myself a computer idiot, but I’ve never been in the registry because I know really bad things can happen. I’ll bet the typical home user has no idea what the registry even is, which means MS is basically hanging a sizable number of customers out to dry. Is there any chance at all that they will fix this in an October update?

I kept hoping things would get better after the random BSODs in the July Win7 updates but they’re getting worse. Looks like a trip to the Apple store this weekend and some tweaks on my newly installed Ubuntu on old Vista machines. Sorry for the partial rant here, but this is almost unbelievably frustrating.

Reply | Quote

If I install any of the September updates listed above in the quoted material, then I’ve made myself vulnerable to CVE-2017-8529 and the only way to then protect myself from this CVE is to go into the registry and modify it at my own risk. Is that correct!!??

Right. The updates from the few months before September also fixed the print regression issue by making users vulnerable to CVE-2017-8529. The difference with the September update is that the user now has the choice of what to do via the registry change. (I did not apply the registry change.)

1 user thanked author for this post.

DrBonzo

Reply | Quote

So, we’re left to choose what we think is the lesser of two evils. Although I assume that you think the CVE vulnerability is less important than the printing snafu?

Reply | Quote

So, we’re left to choose what we think is the lesser of two evils.

Right. I don’t like the idea of having unfixed vulnerabilities in important software, but on the other hand CVE-2017-8529 isn’t as bad as some other kinds of vulnerabilities (see third paragraph in that link).

Prior discussion: https://www.askwoody.com/2017/microsoft-admits-ie-printing-problems-after-installing-the-june-security-patches-kb-4021558-kb-4022719-kb-4021558/.

Reply | Quote