question about recent IE patch

[anonymous]

hello, im a win 7 ultimate 64bit user. all update i install so far from windows update is security rollup, my last security rollup is January 2018 and 1 patch for Total Meltdown i think.

i check my IE version and its still IE 8, what i want to know is

1. is the recent problem affect older version like IE 8 too on win 7? and will the patch included in security rollup for january 2019?

2. anyone know what will happened if i do the workaround by restrict the jscript.dll? will it just mostly affect my browsing if i use IE, or will it affect other programs/browser too?

3. anyone know if there is programs that already installed in win 7 that will be affected if i restrict jscript.dll?

4. i read about the exploit can happened on apps/programs using IE scripting engine, and most of them only list program like office, pdf and other document files.

so that means i still need to download malicious files where the program used to open that files using IE scripting engine?

i mostly using this pc for gaming, and watching video on youtube, and maybe downloading some videos sometimes, never use this pc for works.

hope someone can give me an answer, and sorry about my bad english

Reply | Quote

[PKCano]

anonymous wrote:

1. is the recent problem affect older version like IE 8 too on win 7? and will the patch included in security rollup for january 2019?

The recent vulnerability affects IE8 on XP and IE11 on Win7. There are patches for both. But to my knowledge there is no patch for IE8 on Win7.

anonymous wrote:

2. anyone know what will happened if i do the workaround by restrict the jscript.dll? will it just mostly affect my browsing if i use IE, or will it affect other programs/browser too?

There is no information here yet on what is affected by the workaround. I suspect whatever programs use the IE scripting engine would be affected. That would be according to what programs each individual has installed on their machine.

Maybe it’s time for you to update to IE11 on Win7, as IE8 is no longer supported on that platform.

2 users thanked author for this post.

geekdom, SueW

Reply | Quote

[anonymous]

hello, thanks for the reply, i never use IE so far, so i never thought to update it.

so there is a possibility that the vulnerability affect IE 8 on win 7 too then

if i update the security patch for the vulnerability by installing January 2019 rollup later, will the files version(jscript.dll) on my pc still get updated to mitigate the vulnerability? (assuming im still on IE8)

i check my jscript.dll and its last modified is on January 2018 ( thats the last time i install security rollup, so i think the files still get updated even if im still on IE8?)

is installing the January 2019 rollup later will be enough to mitigate the vulnerability without updating to IE 11? since the workaround is about restricting jscript.dll so if the jscript.dll still get updated then it should be okay?

sorry if i ask too many questions 🙁

Reply | Quote

[PKCano]

IE will be vulnerable if you do not patch it (not only this vulnerability, all the ones you have missed by not patching). Even if you do not use IE as your browser, some parts of the OS use it and other programs may use it.

The January Monthly Rollup will contain the fix for the current vulnerability for IE11. The updates for IE11 contained in the Rollup are cumulative. So IE11 will be completely up to date. I am not sure it will cover IE8 on Win7. And since IE8 is no longer supported on Win7, any other vulnerabilities that affect it are not necessarily covered either.

Reply | Quote

[anonymous]

hello, sorry for the late reply, so i guess i have to update 1st to IE11 then

i check my windows update and i have some questions, here is what i saw that i think connected to updating to IE11

1. Internet Explorer 11 for x64 Win 7

2. Cumulative Security Update for IE 8

can i just install IE 11 or do i need to install CU for IE8 first?

and i search using google and found this https://support.microsoft.com/en-us/help/2847882/prerequisite-updates-for-internet-explorer-11

do i need to find each of the update listed on the website on my windows update and install them first before installing IE 11 or will installing IE 11 from windows update will be just fine?

 

i tried to find about IE vulnerability in the past and all the attack vector that i saw from the article is always around browsing to malicious website or downloading files or document where the software to open that document/files using IE rendering/scripting engine

as i already said before i planned to wait till January monthly rollup. is it okay to assume that i will be safe from any IE vulnerability as long i dont use the pc to browsing or downloading files, maybe only for online gaming tho? or is there any attack vector that happened before that i miss?

maybe like IE can be exploited as long you connect to internet even if you dont browsing or download anything?

Reply | Quote

[PKCano]

If you use Windows Update to install the patches and IE11, you should not have to look up all the updates beforehand. Windows Update should take care of it for you.

The only update I would install prior to doing the rest is the latest Servicing Stack KB3177467. Be sure you download the latest version dated 10/20/2018 and the right bitedness (x86=32-bit, x64=64-bit). After you install it manually, wait 20 minutes for the install to complete, then reboot your computer. Search for updates, be sure IE11 is checked, and install all the checked updates. If IE11 is in the “optional update” list, check it and KB2670838 Platform Update. then click OK.

If you don’t want to install the telemetry patches, hide KB2952664, KB3021917, KB3068708, KB3080149, and KB3184143 (if they are in the list and checked) before you start.

Reply | Quote

[Author]

Posts