On January 17th of this year (2020), Microsoft discovered and disclosed the existence of a zero-day vulnerability.
It was present in Internet Explorer versions 9 through 11. Hackers could display specially crafted websites that would allow them to remotely execute commands on a site visitor’s computer without their knowledge. That is, if they browsed the page using any of the above mentioned versions.
Microsoft is still working on a permanent solution to the problem. As a stopgap, they released a temporary fix that involved changing the owner of a certain problematic .dll file (jscript.dll) and denying access to that file for the “Everyone” group. Unfortunately, that temporary solution created new problems.
The company outlined the new issues as follows:
“Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. For example, depending on the environment, this could include client configurations that leverage proxy automatic configuration scripts (PAC scrips). These features and others may be impacted.”
As more and more people have downloaded the temporary fix, it has come to light that the scope of the issues caused by it is far greater than originally anticipated. A growing number of users are reporting that post-fix-installation, they’re unable to print using HP and other USB connected printers, receiving an I/O error when a print command is issued.
Other users are reporting that MP4 files can’t play on Windows Media Player and that printing to a Microsoft PDF file have stopped working after the temporary fix was applied.
The main point is that there are no good solutions here. If you decide to run without the temporary patch, then you risk having your PC taken over if you happen to visit the wrong site. If you patch, you may lose other functionality you rely on. Sadly, Microsoft has no ETA on when a permanent fix might be available, so you’ll have to weigh the risks and your options carefully.
Hear from Philipp Baumann, owner and founder of BoomTech: