7- Thorium

Microsoft "emergency patch"

Anybody install the new Microsoft "emergency patch" KB4522007 for IE11 yet?

Cumulative security update for Internet Explorer: September 23, 2019

This security update resolves a vulnerability in Internet Explorer. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could run arbitrary code in the context of the current user. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.

  • Applies to: Internet Explorer 11 on Windows Server 2012 R2
  • Internet Explorer 11 on Windows Server 2012
  • Internet Explorer 11 on Windows Server 2008 R2 SP1
  • Internet Explorer 11 on Windows 8.1 Update
  • Internet Explorer 11 on Windows 7 SP1
  • Internet Explorer 10 on Windows Server 2012
  • Internet Explorer 9 on Windows Server 2008 SP2

There are some prerequisites for this update so read Before installing this update at the link above, and -of course- a number of known issues are already listed there too.

I haven't been offered this update on my Win 7 system, as of today. I'm reluctant to check my Win 10 system because I still haven't installed the Sept'19 updates which caused all sorts of problems and I don't know if they pulled that one or fixed it...

 

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos
7 Replies
7- Thorium

Re: Microsoft "emergency patch"

Note:

This patch won't be available via Windows Update. You can find it here for older versions of Windows but not for Win 10.

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos
joe53
5 Rhenium

Re: Microsoft "emergency patch"

 

I'm not sure if we are talking about the same patch, but I downloaded and installed yesterday an emergency out-of-band-update (KB4522016) for IE11 on Win 10 (V 1903) without problems. It was not obtained from Windows Update - I had to do it manually. More info:

https://support.microsoft.com/en-us/help/4522016/windows-10-update-kb4522016

I am very disappointed that MS communicates these out-of-band updates so obscurely.

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 7/sp1 (64- Bit): Malwarebytes 3.x Premium, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


Windows 10 Pro (64- Bit): Same protection plus Windows Defender AV.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos
7- Thorium

Re: Microsoft "emergency patch"

@joe53  - Don't know if it's the same emergency patch. Obviously, it has a different KB number and there's nothing listed for Win 10 on the page I linked. They at the very least should have put a link to the page you linked if it has a different KB number for Win 10.

Your link says: "If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device."

That suggests they put it together with some older IE updates and gave it a different KB number. Guess it's possible some previous IE update(s) is required before the new one is installed, so this way MS ensures Win 10 PCs are ready for the newest one.

Agree 100% that MS released this one in back-handed way. How many people will even know an emergency update exists or that it won't come via Windows Update?

And that makes me wonder why they went outside Windows Update for this...??
😕  🤔  🙄

 

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos
7- Thorium

Re: Microsoft "emergency patch"

Uh-oh...

Just installed the IE11 update on my Win 7Pro, 32-bit PC. Took a long time to install before asking to reboot.

When I got back to the desktop, the icon for the standalone version of MBAE was missing from the taskbar. I checked in services.msc and MBAE service wasn't running even though set to Automatic. Tried to start it, but popup says "file not found".

Found mbae.exe and double-clicked it so now appears as a process in Task Manager, but the MBAE service still won't start in services.msc.

I don't need these MS-induced headaches... 😩

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos
7- Thorium

Re: Microsoft "emergency patch"

Double-uh-oh...

The IE11 update KB4522007 is shown as "successful" in the Windows Update history, and I -obviously- have a working internet connection and I'm using IE11 to make this post so IE is working after the update. 

But, Windows Update isn't working now - just searches endlessly. Worked yesterday.

And trying to update Microsoft Security Essentials virus definitions directly in MSE also searches endlessly.

A system restore point was set before the IE update was installed today so I may have to use it to go back and hope MBAE and WU work again afterwards...

 

 

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos
joe53
5 Rhenium

Re: Microsoft "emergency patch"

According to ghacks, both KBs address the same IE 11 vulnerability:

https://www.ghacks.net/2019/09/24/microsoft-releases-emergency-internet-explorer-security-update/

In Win 10, after installing the patch, I have no problems using Windows Update. Needless to say, I'm in no rush to patch my Win 7 systems.

_________________________________________


Dell Forum Member since 2,000


 Use OpenDNS   MalwareBytes' Anti-Malware Free


Windows 7/sp1 (64- Bit): Malwarebytes 3.x Premium, Windows Firewall, WinPatrol PLUS, Emsisoft Emergency Kit Free and HitmanPro Free (on-demand scanners), OpenDNS, MVPS Hosts file, SpywareBlaster, Pale Moon web browser, Sandboxie, CCleaner Free.


Windows 10 Pro (64- Bit): Same protection plus Windows Defender AV.


"In the future, everyone will be anonymous for 15 minutes" - Banksy

0 Kudos
Highlighted
7- Thorium

Re: Microsoft "emergency patch"

Installed the IE11 update on my Win 10 Pro, 64-bit laptop without any problems.

Decided to take a less drastic approach to fixing the issues after installing this update on my Win 7 Pro, 32-bit desktop, rather than just doing a System Restore which would remove the IE11 update.

Uninstalling with Revo and reinstalling the MBAE standalone v1.13.1.117 fixed this problem. And after several reboots, MBAE is running normally and putting its icon on the taskbar.

As for the issues with Windows Update and MSE's own definitions updater, I ran the WU troubleshooter. It found/fixed something and now both of these are working - at least until the next time MS messes everything up again.

Ron

   Forum Member since 2004
   I am not a Dell employee

0 Kudos