All we had to do was wait.
If you recall, on Sept. 23 Microsoft posted manual patches for the CVE-2019-1367 Internet Explorer zero-day hole, and the blogosphere went wild with warnings of imminent doom. Predictably, we haven’t seen any real-world attacks, but the bugs those patches introduced were very real.
On Sept. 24, we saw those same buggy patches in a different form — melded into “optional, non-security” cumulative updates and “Monthly Rollup Previews” for all versions of Windows. (The 1903 patch, buggy as all the rest, arrived on Sept. 26.)
Apparently unsatisfied with the “optional” nature of all the patches to that point, on Oct. 3, Microsoft pushed a massive series of out-of-band real cumulative updates and Monthly Rollups. The bugs had a field day.
We discovered a description hidden behind a Microsoft E5 (read: $690/year) paywall that leads to a rather simple conclusion: If you don’t use Internet Explorer and set some other browser as your default browser, you’ll avoid the known IE infection vector "mostly around Middle Eastern and North African affairs."
Tempest, meet teapot.
The bugs associated with those patches are legion:
- Print spooler crashes (some associated with the first patch; others with the third)
- Start menu bugs
- “VMWare Workstation Pro can’t run on Windows” warnings
- Various installation and bluescreen bugs
Yesterday, we got the fourth round of IE zero-day patches as part of the usual Patch Tuesday shenanigans.
The Patch Tuesday lot seems rather tame — 59 separately identified security holes plugged, no “Public” or “Exploited” patches. A big bunch of Servicing Stack Updates, but if you use Windows Update you don’t have to worry about those; they’re installed automatically.
The official Windows Release Information Status page has a new update:
Intermittent issues when printing
Applications and printer drivers that leverage the Windows Javascript engine (jscript.dll) for processing print jobs might experience one or more of the following symptoms:
- Applications interacting with the V4 printer driver might close or error when printing. Issues might only be encountered when printing but might also be encountered at any time the app is running, depending on when the app interacts with the print driver.
- The printer spooler service (spoolsv.exe) might close or error in jscript.dll with exception code 0xc0000005 causing the print jobs to stop processing. Only part of the print job might print and the rest might be canceled or error.
Affected platforms:
- Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
- Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4517389.
And there’s a new “resolved” date:
- Resolved: October 08, 2019 10:00 AM PT
- Opened: September 30, 2019 06:26 PM PT
Remarkably, all the reports I’m seeing early Wednesday morning say the printing issue has been solved. If you were … let’s say, convinced … that you needed to install versions 1, 2, or 3 of the CVE-2019-1367 patch (including the pushed update on Oct. 3), all you need do to get rid of the inflicted printer problems is to install the latest cumulative update for your version of Windows.
Mind you, the Knowledge Base articles for the latest patches — for example, the Win10 version 1903 patch known as KB 4517389 — don’t even mention the bugs, other than saying:
Addresses an issue with applications and printer drivers that utilize the Windows JavaScript engine (jscript.dll) for processing print jobs.
Which somehow neglects to mention that the “issues” were brought on my Microsoft’s first, second and third CVE-2019-1367 patches. But whatever.
Some folks who installed the latest Win10 1809 patch, KB 4519338, may have the build number reported as 17763.805, when it should be 17763.806. No need to panic. An anonymous poster on AskWoody says:
805 was the first build. 806 is an updated version released a few hours later with the following note:
Note This release also contains updates for Microsoft HoloLens (OS Build 17763.806) released October 8, 2019. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.
There are more installed patch oddities — including the inability to uninstall the latest patches, or having the patches listed as installed twice — discussed here on AskWoody.
All in all, the October 2019 Patch Tuesday patches are off to a good start. As usual, though, I recommend that you hold off on installing the patches until they’ve had a chance to stew (or decompose?) a bit.
Let us know if you find any problems on the AskWoody Lounge.