On September 23, Microsoft announced an out of band update for Windows 10 that addressed a bug in the way Internet Explorer handles objects in memory. If utilized by an attacker, the flaw could let them take control of a victim’s PC via a specially crafted website.
At the time, we recommended that users who didn’t want to wait for a fix downloaded it manually. A week and a half after the initial rollout, it’s finally available to all users via the Windows Update service.
Microsoft says this update is ‘required’, and also fixes a recent printing issue users have experienced:
“Addresses an intermittent issue with the print spooler service that may cause print jobs to fail. Some apps may close or generate errors, such as the remote procedure call (RPC) error,” read the notes.
As ZDNet’s Liam Tung points out, it seems the security patch itself caused these printing issues. Yesterday, Microsoft updated its advisory revisions to include a second version that explained the cause in more detail.
“To address a known printing issue customers might experience after installing the Security Updates or IE Cumulative updates that were released on September 23, 2019 for CVE-2019-1367, Microsoft is releasing new Security Updates, IE Cumulative Updates, and Monthly Rollup updates for all applicable installations of Internet Explorer 9, 10, or 11 on Microsoft Windows,” said Microsoft.
The flaw affects Windows Server 2008, 2012, and 2019, as well as Windows 7, 8.1, and 10. It seems probable the print error was a reason behind the delay, but Microsoft didn’t explicitly state why the rollout took so long.