Microsoft admits IE printing problems after installing the June security patches KB 4021558, KB 4022719, KB 4021558

Topic

New Reply

Remember the report about this month’s security patches and Monthly Rollups triggering problems in Internet Explorer? The behavior has been confirmed.
[See the full post at: Microsoft admits IE printing problems after installing the June security patches KB 4021558, KB 4022719, KB 4021558]

2 users thanked author for this post.

JDeC

Reply | Quote

Replies

Since I use Firefox or Chrome and never IE, would I then be at very low risk for this issue?

IOW, How common is the use IE construction in web pages?

I’m getting ready to travel and am weighing the risk of an update vs the security risk of delaying patching. I won’t be doing much printing while traveling.

Reply | Quote

I have no problem printing whole pages in IE11, and I have the updates installed.  I never could print part of a page in IE11, but I can in Firefox using an extension.  I hardly use IE11, except for making purchases on one or two retail sites, where Firefox does not seem to work.

When I use CCleaner, I find that IE11 seems to collect data, although IE11 is not used.  Does anyone know why?

 

2 users thanked author for this post.

JDeC, MrToad28

Reply | Quote

I noticed the same thing in regards to IE11 and CCleaner. I have Firefox as default, Glad to see your post about that, thought it was just me being IE paranoid 😉

Group B HP Pavilion-dv6 Win7x64 Home Premium-Intel Core i5-3210M CPU

Reply | Quote

IE is an integral part of the Windows OS and as such is used by other parts of the system. That is why it is so important that you keep it up to date, even if you are not using it as your browser.

1 user thanked author for this post.

JDeC

Reply | Quote

This happens because some update windows and other app windows reach out to the Internet in the background. And they are using elements of IE to do this. Many programs get updates for live data this way. So even if you aren’t opening an IE window, you are probably using IE in the background. Such is the deep intertwining which still exists between IE and Windows.

In the future we will probably see Edge take on a similar role.

I just clean up the mess with Glary Utilities and CCleaner and get on with my life. IE gets patched every time Windows 10 pushes out its all-in-one Cumulative Updates. Often more than once per month.

-- rc primak

Reply | Quote

So the fix is to uninstall the patches and leave a huge open door to ransomware.  I don’t think so.

Reply | Quote

Because I share your concern about ransomware and doubt Microsoft is capable of providing reliable protection, I’ve installed CryptoPrevent to lock the doors and either Ransomfree or Malwarebytes anti-ransomeware each of which provides honeypot behavioral protection. Cryptoprevent for over a year and Ransonfree & MB-AR for a month..since W-cry. Only problem is that sometimes 5-10% Ransomfree won’t start with the PC and I either restart or run without it.

I’m running these on 8 windows 7 64 PC’s, so if you’re running Win10 YMMV.

1 user thanked author for this post.

Reply | Quote

anonymous wrote:

So the fix is to uninstall the patches and leave a huge open door to ransomware. I don’t think so.

 

Yes and No.  To correct the printing problem you do have to uninstall KB4021558 or KB4022719 or KB4021558.  While in the case of the latter two KB’s you would also be uninstalling the critical security updates contained in the rollups you can reapply those by installing the June 2017 Security Only Quality Update appropriate for your flavor of Windows and just avoid using IE until Microsoft gets its update s**t together … which is clearly, and most likely deliberately, never going happen with Satya at the helm.

Viper

Reply | Quote

MrToad28 wrote:

Since I use Firefox or Chrome and never (Very rarely for me) IE, would I then be at very low risk for this issue? IOW, How common is the use IE construction in web pages? I’m getting ready to travel and am weighing the risk of an update vs the security risk of delaying patching. I won’t be doing much printing while traveling.

I’m lost on the Website construction tie-in to IE 11 referenced by MrToad, BUT it seems Non or Rare Users of IE 11 using other Browsers have no issue Installing the Offered Updates.

True?

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

1 user thanked author for this post.

JDeC

Reply | Quote

So far, this is the most significant problem I’ve seen with this month’s patches.

If you don’t use IE, you can safely ignore it.

5 users thanked author for this post.

CraigS26, SueW, JDeC, MrToad28

Reply | Quote

From https://support.microsoft.com/en-us/help/4021558/cumulative-security-update-for-internet-explorer-june-13-2017:

“This problem has also been observed in both Internet Explorer 11, and in applications that host the IE Web Browser Control.”

Reply | Quote

As I posted earlier, IE (and soon Edge) is deeply embedded in the Windows OS. Elements of it are used by many applications without ever opening a visible, recognizable IE window.

-- rc primak

1 user thanked author for this post.

ch100

Reply | Quote

MrToad28 wrote:

I’ve installed CryptoPrevent to lock the doors

FYI: http://www.pcmag.com/review/353931/cryptoprevent-premium-8

1 user thanked author for this post.

MrToad28

Reply | Quote

I haven’t seen it to be intrusive..because I just use the default settings. It’s concerning that they found it ineffective.  Brinkman @ghacks was kinder https://www.ghacks.net/2017/01/09/cryptoprevent-8-windows-malware-prevention-software/  but stressed it should be supplemental.

The combination of Cryptopervent Ransomfree data backup and safe patching seems a better way to go than relying on any single measure.

Reply | Quote

I was running CryptoPrevent 8 for awhile as well and noticed that it was interfering with normal CPU operation and causing 100% CPU usage when it most definitely shouldn’t be. When I would right-click save a picture on DuckDuckGo images, it would cause a hang and a very slow loading of the “Save As..” dialog box as well as lag when navigating folders in that window.

I also do gaming videos for legacy game systems using emulators and it was interfering with simply opening them. Specifically, simply opening (not emulating anything) PCSX2 would cause the CPU to max out at 100% for 5-10 seconds, then it would be fine. It also did that with other emulators, but didn’t do it immediately after a reboot. It would start happening about 3-4 hours afterwards.

I originally suspected the December Security-Only update since I had recently installed it, but upon closer inspection of the Resource Monitor in the task manager, it was CryptoPrevent causing all the issues despite these programs being whitelisted. This happened on both Default and Maximum settings. I then found articles like the one above saying it doesn’t even work, so I uninstalled it and all problems vanished. I will be replacing it with MalwareBytes Anti-Ransomware Beta as soon as I get around to rebooting again.

Anyway, just supplying a data point.

Reply | Quote

FWIW, I applied the June patches to 4 PC’s 2 Win7-64 Pro desktops and 2 Win7-64HomePrem laptops with no adverse impacts seen.

I never use IE, but I tested printing pages from firefox on 2 pc’s and had no problem. I don’t use Outlook…so no impact there.

This article  http://windowsreport.com/kb4022719-bugs/ mentioned Install  problems – error codes..I never saw that.

I used lot’s restore points and the 2 desktops are primarily used to test for problems.

YMMV.

1 user thanked author for this post.

JDeC

Reply | Quote

A possible workaround that involves creating a folder: https://www.reddit.com/r/sysadmin/comments/6hfq4p/kb4022715_and_kb4022719_are_causing_print_issues/diyhqyo/.

Reply | Quote

Successful “Grp A” Win 7-64 Update with KB4022719 Monthly Rollup, (6) Office 2010, (1) Word ’10. (1) Outlook ’10, (2) Security Updates and MSRT.

Hi-Lighted Part of a page and Clk’d Print “Selection” and it did.

I’m clk’ing links in circles looking for a List of KB #s Included in the Win 7-64 Rollup Pkg (ie) HOW would you know that any IE 11 Update is included without the “This-Rollup-Includes-These-KB’s List?

Does such a re-usable (ea month) Site Link exist to that data? Many Thanks!

W10 Pro 22H2 / Hm-Stdnt Ofce '16 C2R / HP Envy Desk-Ethernet - SSD-HDD/ i5(8th Gen) 12GB / GP=2 + FtrU=Semi-Annual + Feature Defer = 1 + QU=0

Reply | Quote

The “Security Monthly Quality Rollup” contains three parts: non-security patch, security-only patch, and the cumulative update for IE11.

For example, the June “Security Monthly Quality Rollup” for Win7 contains the equivalent of:
1. KB 4019265 May “Preview of Monthly Quality Rollup” (non-security patches – offered through WU as unchecked optional on the third Tuesday of the previous month)
2. KB 4022722 June “Security Only Quality Update”
3. KB 4021558 June Cumulative update for IE11

Good luck breaking it down further than that.
You can find this information on MS’s Description of Software Update Services

1 user thanked author for this post.

CraigS26

Reply | Quote

From CVE-2017-8529 | Microsoft Browser Information Disclosure Vulnerability:

“06/27/2017 Microsoft is announcing the release of the following updates to address a known issue customers may experience when printing from Internet Explorer or Microsoft Edge: 4032782 for Internet Explorer 10 on Windows Server 2012, Internet Explorer 9 on Windows Server 2012; 4032695 for Internet Explorer 11 and Microsoft Edge on Windows 10; 4032693 for Internet Explorer 11 and Microsoft Edge on Windows 10 1511; 4022723 for Internet Explorer 11 and Microsoft Edge on Windows 10 1607; 4022716 for Internet Explorer 11 and Microsoft Edge on Windows 10 1703; 4022720 which is the monthly rollup preview for Windows 8.1 and Windows Server 2012 R2; 4022721 which is the monthly rollup preview for Windows Server 2012; 4022168 which is the monthly rollup preview for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1.  This update removes the protection from CVE-2017-8529. All updates are available only on the Microsoft Update Catalog, with the exceptions of 4022720, 4022721, 4022168, and 4022716, which are also available through Windows Update.”

1 user thanked author for this post.

PKCano

Reply | Quote

Manual step is needed to fix CVE-2017-8529 after installing September updates

Reply | Quote