![](\"https:\/\/images.idgesg.net\/images\/article\/2017\/09\/windows_patch_security3-100734732-large.3x2.jpg\"\/)
<\/p>\n
Credit to Author: Woody Leonhard| Date: Fri, 21 Dec 2018 08:21:00 -0800<\/strong><\/p>\n Just when you\u2019re ready to settle in for some egg and nog and whatever may accompany, Windows starts throwing poison frog darts. This month, a fairly boring patching regiment has turned topsy turvey with an unexplained emergency patch for Internet Explorer (you know, the browser nobody uses), combined with an Outlook 2013 patch that doesn\u2019t pass the smell test.<\/p>\n Microsoft set off the shower of firecrackers on Dec. 19 when it released a bevy of patches for Internet Explorer:<\/p>\n Win10\u00a01809<\/strong>\u2013 KB 4483235<\/a>\u00a0\u2013 build 17763.195<\/p>\n Win10\u00a01803<\/strong>\u2013 KB 4483234<\/a> \u2013 build 17134.472<\/p>\n Win10\u00a01709<\/strong>\u2013 KB 4483232<\/a> \u2013 build 16299.847<\/p>\n IE 11 on Win7 and 8.1 \u2013 KB<\/a> 44831<\/a>87<\/a><\/p>\n As Gregg Keizer explains in his Computerworld<\/em> analysis<\/a>:<\/p>\n Microsoft issued a rare emergency security update to plug a critical vulnerability in the still-supported IE9, IE10 and IE11. The flaw was reported to Microsoft by Google security engineer Clement Lecigne. According to Microsoft, attackers are already exploiting the vulnerability, making it a classic “zero-day” bug.<\/p>\n That\u2019s what Microsoft claimed; from the description it sounds like a drive-by hole, where you can get infected by merely looking at a bad website. But in spite of dire warnings from many corners, there\u2019s exactly no information about the vulnerability making the rounds. In a situation like this, one would expect some sort of detailed explanation from Microsoft, Google or Lecigne. As of early Friday morning, we\u2019ve seen nothing. \u00a0<\/p>\n Perhaps all the explainers are already beset with visions of sugarplums, but it\u2019s mighty odd for an emergency patch to hit the offal fan with nary a hint of what\u2019s wrong, or why it needs to be fixed with such abandon. This isn\u2019t a garden variety \u201cC\u201d or \u201cD\u201d week non-security patch. It\u2019s a full 10-claxon call to arms at a time when most people are taking an early vacation. Or at least a languid liquid lunch.<\/p>\n To add to the urgency, Microsoft Thursday night issued a similar tiny IE patch for the latest beta test round of the next version of Win10 \u2013 KB 4483187<\/a> brings the \u201c19H1\u201d beta build up to 18305.1003. So something\u2019s afoot, but we don\u2019t know what.<\/p>\n As most of you know, patching IE isn\u2019t just for people who actually use IE. Microsoft has woven IE into the fabric of Windows \u2013 and it\u2019s still there despite a decade-or-so of extraction effort. An IE patch is an important event because a hole in IE can manifest itself in many ways. But in this case, with no clear explanation, we don\u2019t know what ways, or whether you\u2019re only at risk if you actually use IE.<\/p>\n It gets worse.<\/p>\n I\u2019m seeing reports that the Win7 patch, KB 4483187, triggers random crashes<\/a>. Removing the update restores the machines. But with the holidays about to go into full swing, it\u2019s hard to say if that\u2019s an isolated incident or a lump of cantankerous coal.<\/p>\n Outlook 2013 patch Three Card Monty<\/strong><\/p>\n Also on Thursday, Microsoft released yet another mysterious patch, KB 4011029, the \u201cDecember 20, 2018, update for Outlook 2013.\u201d According to the KB article, it fixes a bug where\u00a0Mail delivery rules stop working. When you try to open the “Manage Rules & Alerts” dialog box in Outlook 2013, you receive the following error message:<\/p>\n The operation failed because of a registry or installation problem. Restart Outlook and try again. If the problem persists, reinstall.<\/em><\/p>\n Nice little holiday bug for anyone using rules in Outlook 2013. But, again, there\u2019s more to the story.<\/p>\n Three days ago, Microsoft acknowledged a bug in Outlook<\/a> that\u2019s identical to the one described in the KB 4011029 article, but it affects three different \u201cperpetual\u201d (which is to say, bought and installed) versions of Outlook \u2013 Outlook 2010, 2013 and 2016 — plus bugs in four different subscription (which is to say, rented versions) releases of Office 365:<\/p>\n Version 1810 build 11001.20108 Apparently, the bug was introduced in the November security patches, but hadn\u2019t been acknowledged until three days ago.<\/p>\n I\u2019ve found no explanation for why Outlook 2013 has been patched, but the other six versions have not. It\u2019s possible that there are five more patches<\/a> waiting in the wings. It\u2019s possible that this one patch is actually intended for other versions of Office. All we know for sure is that somebody\u2019s left us hanging out to dry \u2013 no explanation, no release plan.<\/p>\n Sounds like a pretty common state of affairs, eh?<\/p>\n All of this is happening against a backdrop of Microsoft\u2019s newly restored zeal<\/a> in pushing Win10 version 1809 on all Win10 users. Reports on 1809 have been good, in general \u2013 although the new feature set<\/a> won\u2019t wow anyone but the most diehard Windows (and Notepad) fans \u2013 but Microsoft itself hasn\u2019t yet declared version 1809 as fit for businesses.<\/p>\n Those who click \u201cCheck for updates\u201d are most likely to get the new version, but it\u2019ll get pushed on non-seekers soon enough.<\/p>\n I\u2019ve seen exactly zero reports of machines being taken over by the Internet Explorer bug, zero detailed descriptions of the problem (or its solution), zero bonafide cause for alarm, but the \u201cSky is Falling \u2013 Patch Right Now!\u201d cry continues to ring throughout the blogosphere. That could mean one of two things:<\/p>\n I\u2019m convinced the latter is far more likely. But your level of paranoia may well differ. Hey, you may actually enjoy\u00a0<\/em><\/strong>putting your PC through the wringer while the world\u2019s taking a well-deserved break.<\/p>\n We\u2019ll keep a watchful eye through the holidays on the AskWoody Lounge<\/a>. <\/em><\/p>\n http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Credit to Author: Woody Leonhard| Date: Fri, 21 Dec 2018 08:21:00 -0800<\/strong><\/p>\n Just when you\u2019re ready to settle in for some egg and nog and whatever may accompany, Windows starts throwing poison frog darts. This month, a fairly boring patching regiment has turned topsy turvey with an unexplained emergency patch for Internet Explorer (you know, the browser nobody uses), combined with an Outlook 2013 patch that doesn\u2019t pass the smell test.<\/p>\n Microsoft set off the shower of firecrackers on Dec. 19 when it released a bevy of patches for Internet Explorer:<\/p>\n Win10\u00a01809<\/strong>\u2013 KB 4483235<\/a>\u00a0\u2013 build 17763.195<\/p>\n
Version 1808 build 10730.20205
Version 1803 build 9126.2315
Version 1708 build 8431.2329<\/p>\n<\/p>\nMysterious bug fix for IE<\/strong><\/h2>\n