Synopsis: Update all Windows computers running all versions of Windows now!

Excerpt:

Microsoft finally releases IE 0-day patch via Windows Update, also solving printing issues caused by original fix.

Microsoft has issued an out-of-band required update for all versions of Windows, rounding out the patch it released on September 23 to address an already-exploited flaw in Internet Explorer. 

Initially, Microsoft only released the out-of-band patch for CVE-2019-1367 on the Microsoft Update Catalog, which users needed to manually download. 

But Microsoft has now released it through Windows Update and Windows Server Update Services (WSUS) to distribute it more widely to end users. "This is a required security update that expands the out-of-band update dated September 23, 2019," The decision not to release the patch through Windows Update and WSUS caused some confusion. Why create a patch and then not distribute automatically to all Windows users until now? 

The IE scripting engine flaw was found by Clement Lecigne of Google's Threat Analysis Group, and Microsoft raced out the patch within days. It's likely that the vulnerability was being used to target a narrow section of Windows users. It's also not clear how much time Microsoft was able to spend regression testing its patch before releasing it. Lecigne also discovered a publicly-unknown bug in Chrome and one affecting Windows 7 in February. The flaws were being used in tandem to attack targeted users. 

Google released a patch for Chrome and disclosed the existence of the Windows 7 flaw before Microsoft was able to release its patch. At this stage, Lecigne has not published any details about the IE flaw. 

The new Windows out-of-band update also addresses a bug that caused print jobs to fail. "Addresses an intermittent issue with the print spooler service that may cause print jobs to fail. Some apps may close or generate errors, such as the remote procedure call (RPC) error," explains Microsoft. And it appears that the printing issue was caused by the patch for the IE flaw. 

Microsoft also stressed that the current required update doesn't replace the upcoming October Patch Tuesday on October 8."

The full article with related hotlinks can be found here: https://www.zdnet.com/article/windows-out-of-band-patch-microsofts-mandatory-security-update-is-for-all-versions/?ftag=TRE-03-10aaa6b&bhid=

Thanks.  I did the update.  It was very quick and everything seems fine.

YW Rich. It seems pretty stable. About time too!

Now hearing this update causes problems with the Start menu ☹️

Safe Travels... 

I just did all the laptop manufacturer's updates a couple of weeks ago.  And forgot to check them before doing the MS update.  Fortunately, no problems.  Be sure to check the computer maker's updates first.  I'll bet that some did not, thus reports of problems.

Thanks Roger.

I did not have any issues on my Surface pro or Lynn's Lenovo All in one touchscreen system. Some are reporting issues:

"The KB4524147 Cumulative Update for Windows 10, version 1903 is causing the Windows Start menu to crash with a critical error according to numerous user reports.

KB4524147 was released yesterday as an out-of-band security update together with a standalone IE Cumulative Update and some monthly rollup updates, and it is designed to address a printing issue plaguing all supported Windows client and server versions.

The printing issues experienced by Windows customers were triggered by the September 23 Security Updates or IE Cumulative updates that patched the CVE-2019-1367 security vulnerability.

While Microsoft says that they are not currently aware of any issues with this update, users have been reporting having their start menus broken [1, 2, 3, 4] after installing KB4524147, as well as still experiencing issues while trying to print using several printer models [1, 2, 3, 4].

Start Menu error (Chaori)

Uninstalling the cumulative update

Since Microsoft hasn't yet acknowledged the new start menu issues and an official workaround is not yet available, uninstalling the KB4524147 CU should fix them.

Before uninstalling the KB4524147 Cumulative Update, you should know that you would also be removing mitigation for the Internet Explorer scripting engine security vulnerability (CVE-2019-1367).

If you are willing to trade a security downgrade over a functional Windows Start menu, follow the procedure described below to remove the KB4524147 update.

Microsoft says in the update's details from the Microsoft Update Catalog that KB4524147 can be removed "by selecting View installed updates in the Programs and Features Control Panel."

The step by step procedure needed to uninstall this update requires you to open Control Panel, go to Programs > Programs and Features, and click on View installed updates in the left sidebar.

Next, right-click on the KB4524147 entry in the list and confirm when asked if "Are you sure you want to uninstall this update?". Next, you'll have to click 'Yes' when asked and then restart your device.

Uninstalling the KB4524147 update

Edited October 6 by RV_