go to sections menu

Microsoft ships patches, out of band update from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary > Microsoft ships patches, out of band update

Go to Homepage, contents or to navigation menu



Microsoft ships patches, out of band update

I’m seeing the following tweet on twitter.

Ryan Naraine, Microsoft ships patches outside of Patch Tuesday window (critical vulnerabilities – Scripting Engine and Windows Defender) . Quoted tweet from @msftsecresponse: Out of band security vulnerability fixes CVE-2019-1367 and CVE-2019-1255 have been released today. For more information please see https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367 and https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255 . 15 minutes ago, Twitter Web App

The link CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability looks to be very serious, and is linked within that tweet as well.

My question is: has scripting gotten this bad where people can use it to do harm I’ve not read the second link CVE-2019-1255 | Microsoft Defender Denial of Service Vulnerability yet, but this definitely is going to have to get interesting if two serious patches are out on the same day. Guess we’ll see what happens. Windows Defender is now installed in every windows system yet it can’t defend against this one.

I’ve never been a big fan of windows defender, because it seems to me that it doesn’t do much from my scanning of files. With this vulnerability, it can’t be a good day for Microsoft. Thoughts?


Informazioni sull'articolo

Microsoft ships patches, out of band update was released on September 23, 2019 at 12:22 pm by tech in article commentary.
Last modified: September 23, 2019.


Comments (1)

  1. Comment by crashmaster date 24 September 2019 alle 10:35 (),

    Well, I’d only install this update if you are having this issue.
    Its worth noting a couple comments before you update.
    1. the update is not in the windows update channel.
    Yes you can manually get it but its not deemed important or critical enough to be put in that channel.
    2. it covers internet explorer.
    While that is a problem, this will get worse and worse, remember internet explorer is just in for backward compatability.
    I do use ie myself for a few things but anything serious should be actually used in another brouser.
    edge chrome, chrome, waterfox and firefox are a few alturnates.
    I wouldn’t load this update just because you see it.
    The other issue is a big one, ms has recieved complaints about a non responcive issue in some languages with the keyboard.
    They say including chinese traditional and simplified, but who trusts microsoft’s actual known issues index anymore.
    After the drama with search box not working and this forcing me to reinstall windows completely from scratch I won’t be jumping into this in future especially if its not listed in the general updates.
    So if you don’t use the effective software for anything critical and you shouldn’t, the only thing I use it for is some updates for somethings and some weird email checks and a few other things but its really not a critical thing as such, then just don’t bother.
    There are issues with this as well as some others ones which will be fixed late in the month.
    We will have another optional cu maybe next week or so and if not, the really important critical security dump happens in another 3 weeks or so anyway.
    If its effecting you right now or could then install it.
    Usually I’d mention it and have it installed but its an out of band unlisted on regular channels update its got at least 1 make system unusable only to be fixed by repair or reformat issue.
    The easy choice is not to install it and use something else.
    And to be honest, if ie really becomes that bad that using it just doesn’t work, I will end up using another non ie brouser.
    It does seem that windows is switching from its own microsoft created interface to the chromium engine for its os which just about everyone else is, so it probably won’t matter that much.

Leave a comment

You must be logged in to post a comment.

go to sections menu


navigation menu

go to sections menu