Microsoft has issued an out-of-band required update for all versions of Windows, rounding out the patch it released on September 23 to address an already-exploited flaw in Internet Explorer.
Initially, Microsoft only released the out-of-band patch for CVE-2019-1367 on the Microsoft Update Catalog, which users needed to manually download.
SEE: 20 pro tips to make Windows 10 work the way you want (free PDF)
But Microsoft has now released it through Windows Update and Windows Server Update Services (WSUS) to distribute it more widely to end users.
"This is a required security update that expands the out-of-band update dated September 23, 2019," Microsoft warns users.
The decision not to release the patch through Windows Update and WSUS caused some confusion. Why create a patch and then not distribute automatically to all Windows users until now?
The IE scripting engine flaw was found by Clement Lecigne of Google's Threat Analysis Group, and Microsoft raced out the patch within days.
It's likely that the vulnerability was being used to target a narrow section of Windows users. It's also not clear how much time Microsoft was able to spend regression testing its patch before releasing it.
Lecigne also discovered a publicly-unknown bug in Chrome and one affecting Windows 7 in February. The flaws were being used in tandem to attack targeted users.
Google released a patch for Chrome and disclosed the existence of the Windows 7 flaw before Microsoft was able to release its patch.
At this stage, Lecigne has not published any details about the IE flaw.
The new Windows out-of-band update also addresses a bug that caused print jobs to fail.
"Addresses an intermittent issue with the print spooler service that may cause print jobs to fail. Some apps may close or generate errors, such as the remote procedure call (RPC) error," explains Microsoft.
And it appears that the printing issue was caused by the patch for the IE flaw.
"To address a known printing issue customers might experience after installing the Security Updates or IE Cumulative updates that were released on September 23, 2019 for CVE-2019-1367, Microsoft is releasing new Security Updates, IE Cumulative Updates, and Monthly Rollup updates for all applicable installations of Internet Explorer 9, 10, or 11 on Microsoft Windows," Microsoft explained in its original advisory.
Another fix the new update addresses is an error that occurred when users install Features on Demand, such as .Net 3.5.
Microsoft also stressed that the current required update doesn't replace the upcoming October Patch Tuesday on October 8.
The new required security update is available for all supported versions of Windows 10, Windows 8.1, and Windows 7. Microsoft is recommending that users install this update as soon as a possible and restart their PC to fully apply the mitigations.
More on Microsoft and Windows 10 updates
- Windows 10 users fume: Microsoft, where's our 'local account' option gone?
- Windows 10 1909: Microsoft pushes on with testing as 19H2 update rollout looms
- Windows 10 1909: Microsoft ends 19H2 confusion, puts all testers on same builds
- Windows 10 1903: Buggy update slows PCs, breaks Desktop Search, says Microsoft
- Windows 10 CPU spikes? 1903 update brings fixes but also high usage issues
- Windows 10: We're now gearing up for 1909 with new throttled release, says Microsoft
- Microsoft: These Windows 10 updates fix broken Visual Basic apps but not for 1903
- No more buggy Windows 10 updates? Microsoft makes it easier to flag early flaws
- Windows 10 recovery: Microsoft borrows Apple's Mac cloud reinstall feature
- A new look for Windows 10 Start menu: Live Tiles ditched in leaked preview build
- Windows 10 19H2: If you're on 1903, expect 'far faster' update, says Microsoft
- Windows 10 updates: We're now using AI to push 1803 users to 1903, says Microsoft
- Windows 10 yields more secrets: Microsoft plan to split OS from shell takes shape
- How to delete the Windows 10 paging file on every shut-down TechRepublic
- Test Microsoft's Chrome-like Edge browser for Windows 10 CNET