Until Microsoft releases a permanent solution for the troublesome KB4532693 update, enterprises with Windows 10 1903 and 1909 are forced to delay applying the security fixes that come with it.
For the remote code execution vulnerability in Internet Explorer 9/10/11 tracked as CVE-2020-0674, though, there is available a temporary third-party fix.
Official solutions not good
There is information that this vulnerability has been exploited in the wild in limited targeted attacks, which makes it more concerning to companies. Attackers can leverage it to silently execute arbitrary commands on an unpatched system when the user visits a specially crafted website.
The severity of the issue prompted Microsoft to provide a short-term patch until KB4532693 became available. However, it came with a note about possible negative side effects for features using the jscript.dll file. It also causes printing to fail on HP and other USB printers.
Next came Patch Tuesday delivering the KB4532693 update that should have solved the problem but created even more problems. If you’re not in the loop about the trouble it creates for some users, check our article here.
The tl;dr of it is that the update prevents restoring the original user profile, leaving a temporary profile instead. The data is not lost; it is stored in a .000 or .BAK file.
Before Microsoft got to repair the security vulnerability, the 0Patch platform delivered to its users in the form of a micropatch – bite-size code that corrects security problems in real-time and takes effect without rebooting the machine.
It was not for Windows 10 v1903/1909, though. In a tweet today, Mitja Kolsek, CEO of Acros Security company behind 0patch, announced that the micropatch has been ported for these versions, too.
Initially, the interim solution was available for Windows 7, Windows 10 v1709/v1803/v1809, Windows Server 2008 R2, and Windows Server 2019.
It is offered to users of the free version of the service, which is allowed for non-commercial use only, as well as to paying customers (Pro – $25/agent/year – and Enterprise license holders), Kolsek told us.
Users that run the micropatch can use this test page to check if it applied correctly (requirement: Internet Explorer 11 on Windows 7, Server 2008 R2 or Windows 10 v1903/v1909).