Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Patches for Internet Explorer Zero-Day Causing Problems for Many Users

Microsoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer that was initially addressed on September 23. The initial updates introduced some printing issues, but the new ones also appear to be buggy.

Microsoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer that was initially addressed on September 23. The initial updates introduced some printing issues, but the new ones also appear to be buggy.

Tracked as CVE-2019-1367, the flaw was classified as a memory corruption bug that could lead to remote code execution. Internet Explorer 9, 10 and 11 were found impacted, and attackers were already targeting the vulnerability, Microsoft said last month.

Adversaries looking to exploit the vulnerability would have to trick unsuspecting victims who use vulnerable versions of Internet Explorer into visiting a malicious website.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft explains in its advisory.

On October 3, the tech giant decided to push another set of patches for the vulnerability, explaining that some users experienced certain printing issues following the installation of the initially released patches.

“To address a known printing issue customers might experience after installing the Security Updates or IE Cumulative updates that were released on September 23, 2019 for CVE-2019-1367, Microsoft is releasing new Security Updates, IE Cumulative Updates, and Monthly Rollup updates for all applicable installations of Internet Explorer 9, 10, or 11 on Microsoft Windows,” the company says.

While Microsoft says the cumulative patches are meant to address issues users have experienced with their printers following the installation of the initial fix for CVE-2019-1367, some complain that the out-of-band update is actually the one to cause problems.

Advertisement. Scroll to continue reading.

Users took to BornCity and other websites to complain, revealing that the cumulative update is causing printing and boot issues, and, in some cases, is causing the start menu to crash.

The IE Cumulative updates, Microsoft explains, are separate from the October Update Tuesday release, which is scheduled for tomorrow, October 8.

Related: Microsoft Patches Internet Explorer Vulnerability Exploited in Attacks

Related: Google Discloses Actively Exploited Windows Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.