Security Experts:

Patches for Internet Explorer Zero-Day Causing Problems for Many Users

Microsoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer that was initially addressed on September 23. The initial updates introduced some printing issues, but the new ones also appear to be buggy.

Tracked as CVE-2019-1367, the flaw was classified as a memory corruption bug that could lead to remote code execution. Internet Explorer 9, 10 and 11 were found impacted, and attackers were already targeting the vulnerability, Microsoft said last month.

Adversaries looking to exploit the vulnerability would have to trick unsuspecting victims who use vulnerable versions of Internet Explorer into visiting a malicious website.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft explains in its advisory.

On October 3, the tech giant decided to push another set of patches for the vulnerability, explaining that some users experienced certain printing issues following the installation of the initially released patches.

“To address a known printing issue customers might experience after installing the Security Updates or IE Cumulative updates that were released on September 23, 2019 for CVE-2019-1367, Microsoft is releasing new Security Updates, IE Cumulative Updates, and Monthly Rollup updates for all applicable installations of Internet Explorer 9, 10, or 11 on Microsoft Windows,” the company says.

While Microsoft says the cumulative patches are meant to address issues users have experienced with their printers following the installation of the initial fix for CVE-2019-1367, some complain that the out-of-band update is actually the one to cause problems.

Users took to BornCity and other websites to complain, revealing that the cumulative update is causing printing and boot issues, and, in some cases, is causing the start menu to crash.

The IE Cumulative updates, Microsoft explains, are separate from the October Update Tuesday release, which is scheduled for tomorrow, October 8.

Related: Microsoft Patches Internet Explorer Vulnerability Exploited in Attacks

Related: Google Discloses Actively Exploited Windows Vulnerability

view counter