Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Patches for Internet Explorer Zero-Day Causing Problems for Many Users

Microsoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer that was initially addressed on September 23. The initial updates introduced some printing issues, but the new ones also appear to be buggy.

Microsoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer that was initially addressed on September 23. The initial updates introduced some printing issues, but the new ones also appear to be buggy.

Tracked as CVE-2019-1367, the flaw was classified as a memory corruption bug that could lead to remote code execution. Internet Explorer 9, 10 and 11 were found impacted, and attackers were already targeting the vulnerability, Microsoft said last month.

Adversaries looking to exploit the vulnerability would have to trick unsuspecting victims who use vulnerable versions of Internet Explorer into visiting a malicious website.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft explains in its advisory.

On October 3, the tech giant decided to push another set of patches for the vulnerability, explaining that some users experienced certain printing issues following the installation of the initially released patches.

“To address a known printing issue customers might experience after installing the Security Updates or IE Cumulative updates that were released on September 23, 2019 for CVE-2019-1367, Microsoft is releasing new Security Updates, IE Cumulative Updates, and Monthly Rollup updates for all applicable installations of Internet Explorer 9, 10, or 11 on Microsoft Windows,” the company says.

While Microsoft says the cumulative patches are meant to address issues users have experienced with their printers following the installation of the initial fix for CVE-2019-1367, some complain that the out-of-band update is actually the one to cause problems.

Users took to BornCity and other websites to complain, revealing that the cumulative update is causing printing and boot issues, and, in some cases, is causing the start menu to crash.

Advertisement. Scroll to continue reading.

The IE Cumulative updates, Microsoft explains, are separate from the October Update Tuesday release, which is scheduled for tomorrow, October 8.

Related: Microsoft Patches Internet Explorer Vulnerability Exploited in Attacks

Related: Google Discloses Actively Exploited Windows Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Kenna Security co-founder Ed Bellis has joined Empirical Security as Chief Executive Officer.

Robert Shaker II has joined application security firm ActiveState as Chief Product and Technology Officer.

MorganFranklin Cyber has promoted Nick Stallone and Ferdinand Hamada into newly created roles.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.