Three days ago Microsoft released an emergency patch for Windows 10 to address a remotely exploitable vulnerability in Internet Explorer.

On release, the patch came with some known issues on some older versions of Windows 10 (though none on 1809) which are listed below:

Symptom Workaround After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception. For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates. Microsoft is working on a resolution and will provide an update in an upcoming release. After installing this update, some users cannot pin a web link on the Start menu or the taskbar. Microsoft is working on a resolution and will provide an update in an upcoming release. After installing KB4467682, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters. Set the domain default “Minimum Password Length” policy to less than or equal to 14 characters. Microsoft is working on a resolution and will provide an update in an upcoming release.

Since then however, Microsoft has added a further, somewhat more serious issue, affecting some Lenovo PCs which may cause them to fail to boot.

After installing KB4467691, Windows may fail to startup on certain Lenovo laptops that have less than 8 GB of RAM. Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart. If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled. Microsoft is working with Lenovo and will provide an update in an upcoming release.

The issue is only affecting PCs on 1607 ie. the 2016 Anniversary Update, who applied KB4483229, and therefore most likely business PCs which are able to delay updates.

Given the seriousness of the vulnerability, which was being exploited in the wild, issues cropping up is not a reason not to install patches, but it may make a case for delaying the installation for a week or two to allow more brave users to find the pitfalls first.

Via Winfuture.de