Reported crash with the new out-of-band IE fix on Win7, KB 4483187

Topic

New Reply

Remember yesterday, when I warned you that these extreme out-of-band patches have a nasty habit of causing havoc? Reports of problems with the patches
[See the full post at: Reported crash with the new out-of-band IE fix on Win7, KB 4483187]

13 users thanked author for this post.

Lori, Propje, cesmart4125, SueW, Elrod, BobbyB, Elly, banzaigtv, GreatAndPowerfulTech, fernlady, Hopper15, geekdom, Mr. Natural

Reply | Quote

Replies

You definitely warned us.  I’m glad I held off.

Reply | Quote

P.S. This is exactly the kind of report I expect to issue with AskWoody Plus Alerts, once we have the mechanism in place. The Alert would contain the same content as this post, but I can update the AskWoody post as events unfold.

3 users thanked author for this post.

Propje, Elly, AJNorth

Reply | Quote

My XP VM is running Avast Free. This morning I installed KB4483187 for IE8 on it. Avast crashed – service would not start.

I uninstalled KB4483187 – did not fix the problem.
I downloaded and installed the current Avast installer (did not uninstall first) – Avast still crashed.
System Restore did not run (not surprised).
There are few AV programs that still run on XP. I will replace the VM with a backup and try several other things. Will report back with the results. I suspect it may be the javascript changes. Maybe Avast will fix the problem.

Edit: See update below.

8 users thanked author for this post.

Propje, walker, Elly, AJNorth, Microfix, BobbyB, Hopper15, geekdom

Reply | Quote

I wonder if there will be problems with all non-Microsoft anti-virus programs.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Far as I’m aware, this patch was only released for Embedded Standard 2009 and POSReady 2009.  Are you trying to apply a patch meant for Windows Embedded onto a standard Windows XP system?  If so, that’s probably why you’re having a problem.

1 user thanked author for this post.

BobbyB

Reply | Quote

No, I did the hack.

1 user thanked author for this post.

BobbyB

Reply | Quote

Hello PKCano,

Someone called me earlier today with essentially the same problem.  Cutting to the chase, I had them first uninstall KB4483187; then uninstall Avast using their Uninstall Utility (https://support.avast.com/en-us/article/10) and finally, as they still had their installation disc, run SFC.EXE /SCANNOW (which completed successfully).

Instead of reinstalling Avast, Adaware Antivirus Free was installed, and everything seems to be working okay in the virtual XP.

4 users thanked author for this post.

walker, cesmart4125, PKCano, Microfix

Reply | Quote

EDIT:

Forgot to mention that all the XP security updates were successfully installed (including KB4471328).

Reply | Quote

UPDATE   UPDATE   UPDATE

Originally, Avast and Windows both updated.

Rolled VM back to installed November updates. Uninstalled Avast. Ran Windows Update for Dec. XP runs fine with both KB4470199 and the 12/19 update KB4470199. Downloaded and installed the latest version of Avast – install did not work. Showed installed in “Add/Remove Programs'” and folder created in C:\Programs,  but no icon in the tray, no menu item, no icon on the desktop.

Rolled VM back to installed November updates again. Allowed Avast to update the definitions and the engine. It was not successful, the service did not start, even without the Dec Win updates applied.

Rolled VM back to installed November updates again. This time Avast updated the definitions but I did not allow it to update the engine. So far, so good. Installed KB4470199 manually, rebooted, still good. Installed the rest of the XP Dec updates including KB4470199, rebooted, everything still good.

Conclusion: The December Windows Updates for XP are good. Avast runs on XP as long as the engine is not updated to the latest version.
The EOL of the EOL of XP is about to expire in Jan 2019. Looks like it is about time to retire the XP VM.

5 users thanked author for this post.

satrow, AJNorth, BobbyB, woody, Microfix

Reply | Quote

PKCano … I run Win XP on a computer (actual – not virtual) with the registry tweak for POSReady2009 so that it gets all of the MS patches … and I’ve found that I can’t get AVAST to run with the engine above 18.3.  I kick myself every time I try to update the AVAST engine past that – both as an in-place engine update or as a full A/V install/re-install.  The AVAST UI service won’t start/run and the program says it doesn’t know why.  Trying System Restores and the uninstall/re-install of AVAST doesn’t seem to fix the problem.  The only thing that works is to use a Macrium Reflect image to image restore the whole harddrive to its original state.  I’ve decided that I can happily end my XP days with the AVAST 18.3 engine, which runs just fine and of course still gets AntiVirus signature updates.

1 user thanked author for this post.

PKCano

Reply | Quote

@AJNorth says Adaware Antivirus Free will run without a problem. See his post above in this thread.

1 user thanked author for this post.

walker

Reply | Quote

Is there a version of this update for the standard Windows XP home version (not XP VM or XP Embedded)?  If so, how do you find it?

I know standard XP went out of support years ago, but Microsoft has issued a few sporadic patches for bigger issues impacting standard XP since then.

Reply | Quote

The patches for POSReady are listed on the Microsoft Software Distribution pages, but I don’t believe they work on XP Standard.

Reply | Quote

hmm… anyone else seen this issue with Windows 10 as well? We have had over a dozen users in the last 24 hours say their machines keep randomly restarting for no known reason!

1 user thanked author for this post.

banzaigtv

Reply | Quote

Which version(s) of W10 are you reporting?
Do they have common denominator 3rd party AV or program?

If debian is good enough for NASA...

Reply | Quote

They all run Malwarebytes’ and Windows Defener
They all seem to be on 10.0.17134.471

Reply | Quote

Welcome to the forum 🙂
Have you tried disabling malwarebytes on one system to establish whether it could cause the reboots after applying the IE patch?

If debian is good enough for NASA...

1 user thanked author for this post.

woody

Reply | Quote

I have not had a chance… the machines literally reboot 2 or 3 times withing 20 minutes and then run normal after than so far.

1 user thanked author for this post.

woody

Reply | Quote

Finally figuring it out after a few days of being able to access the user’s machines.  On Windows 10, KB4483234 is the culprit.  It is failing to install and forcing a system reboot.  Then again failing to install and forcing a system reboot… repeat pattern…  Manually running updates has forced the install on 3 machines so far an this seems to correct the issue I was seeing.

2 users thanked author for this post.

woody, Microfix

Reply | Quote

Thanks for the bootloop report,
good to read you got it sorted.
A festive unwanted gift from satya claus?

Looks like this is happening elsewhere also, iceman994 on reddit:
https://www.reddit.com/r/Windows10/comments/a8d1it/new_issue_with_2018_december_21st_update/

If debian is good enough for NASA...

Reply | Quote

Group A ,W7x64, home premium ,  AMD.    MSE and ADW cleaner.  I only use IE for updates the rest of the time I use Firefox.  No problems so far.

Reply | Quote

At this point, no further details are publicly available regarding the vulnerability itself, but one could speculate that CVE-2018-8653 might very well be a revised, more thorough (or complementing) revision of the CVE-2018-8643 patch.

If that is true, these kind of vulnerabilities seem to be exploiting (and bypassing) VBScript execution policies and the root cause of the reported crashes might, indeed, be a conflict between the updated libraries and third-party applications that are using the IE engine for rendering web content.

In David’s case, apparently, that third-party culprit would either be Chrome (is he using the latest version?) or – more likely, especially after reading PKCano’s post – the AV (Bitdefender)…

2 users thanked author for this post.

David Beroff, woody

Reply | Quote

My Chrome install uses the correct version 71.0.3578.98 (64-bit).  As for AV, I may not have been sufficiently clear in my earlier reply: I had to uninstall Bitdefender before any of this started.  I just double-checked now, and I couldn’t find any lingering services or processes from them.  Also, two of the five (or more?) crashes occurred before I even got a chance to start Chrome, i.e., very early in the bootup sequence.

Still not a great sample size, but it’s now been a few hours without any crashes.

Thank you, all, for your help and interest.

3 users thanked author for this post.

walker, woody, Microfix

Reply | Quote

After a few days, my mean time between failures is about one day.  Admittedly, daily is better than hourly, but I’m still obviously not happy.  I did uninstall and hide KB4483187 that same day, although that doesn’t seem to have been enough, as this system used to be rock solid, and this Windows Update (and subsequent reversal) is literally the only thing that’s recently changed.  I did see that Windows created a Restore Point just before the installation; would that be of any help?  (I’ve never used those, as I really would prefer to not have to re-install everything on this machine.)  I’d be happy to delete MSIE if this was possible; it seems to be at the root of many issues, despite my never using it.  As mentioned before, the last time I had crashing issues, I’d narrowed it down to Google’s Backup and Sync, but again, that’s not running when these crashes occur.  Thanks in advance!

1 user thanked author for this post.

cesmart4125

Reply | Quote

@David-Beroff said:

…I did see that Windows created a Restore Point just before the installation; would that be of any help?…

Yes, that should restore your system back to the way it was immediately before the installation of KB4483187. That’s why Windows does these things: In the event something goes awry you’ll have a “fail-safe” place to fall back to. Or, at least you should if everything went well with the establishment of the restore point and you haven’t deleted any software that was already installed at the moment the restore point was created, from what I understand of the way restore points are supposed to work.

Reply | Quote

Yeah, except that the Restore Point from the 20th doesn’t seem to actually be there. 🙁  Yes, permissions are set to allow them to happen, and yes, there is plenty of disk space configured and available.  An unrelated install created one on the 30th, but of course, that doesn’t help me.  Great; the one time I actually want/need such a facility, and it’s not available.  {sigh}

On the plus side, random crashing has gone from daily to “only” once or twice a week.

Is there any way to look at the logs and actually see what’s happening at the time it crashes?

Reply | Quote

Well, Microsoft announced a well deserved holiday, so don’t expect any solutions soon

Reply | Quote

Not only has the KB article been surreptitiously updated (incorrectly, it turns out), but there’s speculation now that the security hole was introduced by the November or December updates.

More coming tomorrow in Computerworld.

10 users thanked author for this post.

Lori, walker, Elly, cesmart4125, satrow, BobbyB, PKCano, Mr. Natural, Microfix, geekdom

Reply | Quote

Unless Beta Testing leave it alone?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

Facepalm

Red Ruffnsore

1 user thanked author for this post.

geekdom

Reply | Quote

Patch in haste repent at leisure having the usual sabaticle from patching until next year, hopefully New year new improved patching regime, he says in hope but not in expectation 😉

1 user thanked author for this post.

Bill C.

Reply | Quote

I installed KB 4483187 on Win 7 64 bit this morning and no problems yet.  Don’t have Avast, but ran a few other programs and no crashes.

Reply | Quote

Win7Pro-64_SP1 here, Group B, with all November patches applied w/o issues.
Boy am I glad I always check here first when I get that feeling to patch a “serious” problem. I was going to install the IE updates. Saved again. BobbyB got it right in post #241610, “Patch in haste repent at leisure.”

Probably unrelated, but on my machine on December 15th, Malwarebytes Premium threw the first of 3 errors regarding crashes at shutdown that involved ntdll.dll and mbamservice.exe. This is transparent unless you look at the logs or Action Center. Last night MB itself reported that the Webprotection Module was turned off. The issue is documented on their forum. Interestingly a colleague who is unpatched since May, also reported the MB issue.

I know Group B patching is NOT cumulative, but are out of band fixes included in the next Security Only (Group B) IE patch (cumulative) or the monthly Group B patch the following month.

Reply | Quote

The IE11 patches are cumulative. The out-of-band patch this month superseded the Patch Tuesday IE11 Update. And the Jan IE11 CU will contain KB4483187.

5 users thanked author for this post.

Lori, walker, OscarCP, cesmart4125, Bill C.

Reply | Quote

I did install KB 4480970 (monthly rollup; w7 32bit, https://support.microsoft.com/en-us/help/4480970) this weekend bit in release notes cannot find if kb4483187 is included?

Reply | Quote

The chain of supersedence is through the IE11 CUs. 2019-01 IE11 CU KB4480965 replaces 2018-12 IE11 CU KB4483187. Since the 2019-01 SMQR contains the Jan IE11 CU, then CU KB4483187 is replaced by the Jan CU KB4480970.

Er, you got that, right?

Reply | Quote

Thank you!

Reply | Quote

FWIW, am also running MWB Premium on Win 7 Pro x64, but have not experienced any of the issues that you have related (at least so far…). The machine was fully patched about twenty-eight hours ago (“Group B”).

1 user thanked author for this post.

rontpxz81

Reply | Quote

I’m not sure this fits here but seems related. I don’t use IE but some programs default to it and start it if you click help or info/about. When that happens I just close IE. It hasn’t happened in a while.

I’m in group A and never install updates until given the go ahead. I have left my settings at check for updates but let me decide.

This morning I was in an online game and had to leave the room for a bit. Windows rebooted when I was away and I couldn’t find a cause. I was checking things when it rebooted again. I ran malwarebytes and my virus scanner in safe mode and after I rebooted to normal mode. Everything was okay. I even scanned with stinger but found nothing.

Tonight the computer seems okay but i have noticed several windowsupdatefailure3 events in event viewer. Could WU have caused the problems?

Reply | Quote

My Windows 2008 R2 Server would not start after applying update above KB4483187. Please hold onto installing it. Having still a headache to bring the server back to life 🙁

3 users thanked author for this post.

walker, cesmart4125, woody

Reply | Quote

Installed this fix on Win 7 32-bit SP1 and no problems.  Use Microsoft antivirus s/w so may explain things.  So far so good.

Reply | Quote

Chrome is my default browser and I haven’t used IE in years. But I wonder how is IE “woven into windows” even if you never use it? How does it impact the OS? I run Win 7, x64, Group A.

Reply | Quote

Some of the behind-the-scenes files and methods that IE uses to display items on a web page are also used by Windows Explorer to display items on your computer.

Also, if you look into file associations, you might notice that IE is listed as the go-to program for displaying certain file types, despite your use/choice of Chrome as your default browser for the internet.

BTW I’m running Win7 SP1 x64. I doubt that there’s any difference between home, pro or any other version (enterprise, starter, etc.) when it comes to file associations.

The above concept makes for a very good reason to keep IE updated with the current security patch(es) when we get the go-ahead by the raising of the MS-DEFCON level to 3 or higher.

We’re currently at level 2 so, if you haven’t downloaded and installed it already, please don’t download and install the patch just yet. By the time we get the go-ahead, MS may have a newer version of the patch available that won’t crash anyone’s system. Stay tuned here to AskWoody for the latest info on the status of the IE out-of-band patch, and whether it’s safe to install or not.

4 users thanked author for this post.

Lori, AlphaCharlie, OscarCP, OldBiddy

Reply | Quote

Thank you for this helpful response and advice, Anonymous. Succinct and comprehensible and I see why it’s important to keep IE updated. It’s really more than just a browser. Will definitely wait til Woody gives the go ahead before installing any patches though.

Reply | Quote

Win 7 64 crashed on me a day after installing this. I don’t use IE. Could not boot up normally after that, crashed during boot. Booted into safe mode and did a restore to before the update and things have been working fine since.

Reply | Quote

What is your anti-virus software?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

It is already the 3rd of January as I write this: Are there any further news about this problem? Would it be a good idea not to install the December IE patch now, but wait until late in January, in case of a possible out-of-band “re-patch” becoming available before or as late as then? Thanks.

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

As a follow-on to the above question: I have KB 4483187 (some 50+ Mb) offered through Windows Update. I usually update as Group B. Should I ignore the offered update and download it instead from the Catalogue, or is it the other way around? I remember that something about this was advised some time ago, but now am not sure exactly what that advice was. Thanks.

Group B, Windows 7 Pro, SP1 x64; I-7 “sandy bridge.”

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I have installed KB4483187 on eight (8) of my Win7 machines (4 VMs and 4 hardware installs) and on four (4) Win8.1 machines, all through Windows Update – none have had any problems.

3 users thanked author for this post.

Lori, OscarCP, Microfix

Reply | Quote

Can you take the risk in not addressing a remote code execution vulnerability?
I suggest you read these two articles..

https://support.microsoft.com/en-us/help/4483187/cumulative-security-update-for-internet-explorer-december-19-2018

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653

If debian is good enough for NASA...

2 users thanked author for this post.

Lori, OscarCP

Reply | Quote

Hi, I installed kb4483187, downloaded from the Catalogue via AKB2000003, on 1st January 2019 before I did my monthly search on WU. It has installed without any problem on my Win 7 32-bit desktop and also on my Win 7 64-bit laptop – no adverse reactions at all. The only weirdness I encountered this month was in relation to MSRT, but that was just a hiccup!

2 users thanked author for this post.

OscarCP, Microfix

Reply | Quote

PKCano, Microfix and TSP: Thanks, you three, for your comments. I have just installed all the December updates (a total of 14 patches!, twelve of those offered by Windows Update and that have been declared OK in the Master Patch List, plus the Security Only and IE11 patches from the Catalogue) And all seems well.

Although here is a thought for others who might also read this: Your mileage might vary, depending on what you have installed in your machine and what you do with it. I have noticed, for example, that people who do unusual things also seem to have unusual problems after patching. What is “unusual”, you might ask? That question is next in non-answerability to “what is truth?” You know who you are.

Group B, Windows 7 Pro, SP1, x64, I-7 “sandy bridge.”

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

I have two Windows 7 computers – both would lock up shortly after booting after the Dec. 11 (+/-) update.  I was able to get them both stable again with a System Restore back to an early restore point.  Then the IE update came out.  One computer I had turned off.  The other got the update.  That computer would only go to the BIOS screen.  I created a System Repair disk, the allowed me to get to a Command Prompt.  My C: drive could not be accessed (“Access Denied”).  My D: and E: drives were accessible.  The only way I have been able to get access to the C: drive contents was using a RAM based DVD ISO installation of Linux.  From there I was able to get the files I wanted.  However, it requires a complete new Windows ISO install.  Will probably upgrade to Windows 10.  Was using Windows 7 due to the elimination of WMC in Windows 10.  No help from the Microsoft techs via chat other than getting me an ISO copy of Windows 7.  Pretty pathetic.

Reply | Quote

It looks like installing the KB4483187 IE update does finally prevent Windows Update from offering old IE11 security updates like KB3185319, KB3175443. etc. (after I uninstalled KB3185319 from my Win7 & 8.1 computers) 🙂

However KB4483187 will STILL be offered from Windows Update, even though KB4480965 IE update, KB4480960 for Win7 or KB4480964 for Win8.1 is installed. I don’t know why…

1 user thanked author for this post.

woody

Reply | Quote

Because of KB4483187 is cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based systems and consists of all previous IE updates.

1 user thanked author for this post.

Elly

Reply | Quote

Here it is Feb 9 and WU is still offering me KB4483187 on W7/32 even though I have KB4480960 installed.

In the MS catalog it states that KB4483187 is included in KB4480960 (and as it is cumulative, it should), but WU is not picking that up. Rebooting and then manually checking for updates after KB4480960 is installed does not make KB4483187 go away, it gets re-offered via WU.

User intervention (e.g. hide it) seems appropriate. However, one has to wonder if the KB4483187 shown as incorporated in KB4480960 is the same (code wise or it has a different release date) as the one that WU has on offer. I understand that the release date associated with a specific KB number is a criteria for WU when determining what a user should receive.

Reply | Quote

KB4480960 is the January Security-only Update for Win7. It is NOT cumulative. It does NOT contain KB4483187, which is a Dec CU for IE11.

Reply | Quote

You are correct. My apologies. I meant the rollup. I used the wrong KB number.

Microsoft states that Users can confirm they are protected by verifying that the version of
jscript.dll is 5.8.9600.19230, in C:\Windows\System32\jscript.dll

Reply | Quote