Last week Microsoft released KB 4532695, a dual-purpose Win10 version 1903 and 1909 “optional, non-security, C/D Week” patch. Most of us expected a fix for the File Explorer Search bar bugs that have been described and dissected (but not officially acknowledged) for more than two months.
I, personally, also held out hope that Microsoft would fix yet another bug in the Internet Explorer JScript engine that warranted a Security Advisory in January. Yes, I know that the “optional, non-security” patches aren’t supposed to fix security holes, but … hope springs eternal.
On the File Explorer Search bugs: Windows guru Rafael Rivera tweeted shortly after the patch hit:
Unfortunately, it's still a crummy experience. For example, it takes two clicks at times to reset the caret position, stopping you dead in your tracks. Search box continues to be a façade that can't be right-clicked until it's activated (e.g. via left-click). Advanced Query Syntax keywords, operators, and filters are no longer highlighted in blue, either. And deleting items didn't make it in. I doubt we'll see that get serviced; we'll likely have to wait for 20H1 release [Win10 version 2004] to get that [feature].
Mayank Parmar, on Windows Latest, says:
Microsoft has yet to acknowledge the new problems with Explorer and there don’t appear to be any workarounds. If you have installed Windows 10 November 2019 Update [version 1909], you have to accept the possibility of experiencing issues with File Explorer and Control Panel.
As best I can tell, Microsoft has never acknowledged the bugs, in spite of fixing them in a series of updates for the still-in-beta Win10 version 2004. They aren’t mentioned on the Release Information Status page.
On the JScript fix, I initially said that KB 4532695 changes the jscript.dll file that’s at the center of the numerous security holes, and hoped that it fixed this latest JScript bug. My hopes were dashed when Mitja Kolsek, of 0patch fame, tweeted:
We tested it and KB4532695 does NOT modify jscript.dll. It does modify mshtml.dll (which we micropatched) but not in a way that would prevent jscript.dll from getting loaded. So it's really unlikely that this KB does anything for CVE-2020-0674.
Zero for two.
KB 4532695 has drawn lots (and lots!) of fire in the press for putting “Millions” of Win10 users at risk for blue screens. From what I’ve seen, it’s not considerably worse than most “optional, non-security” Win10 patches — but it’s undeniably having lots and lots of installation problems.
Fortunately, you’ll only get the patch if you download and install it manually, or if you get suckered into clicking “Download and install now” on an Optional updates available notification.
We’re watching you, KB 4532695, on AskWoody.com.