Cumulative security update for Internet Explorer: September 23, 2019

Applies to: Internet Explorer 11 on Windows Server 2012 R2Internet Explorer 11 on Windows Server 2012Internet Explorer 11 on Windows Server 2008 R2 SP1


This security update resolves a vulnerability in Internet Explorer. A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could run arbitrary code in the context of the current user. The security update addresses the vulnerability by changing how the scripting engine handles objects in memory.

To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1367.

Additionally, see the following articles for more information about cumulative updates:


  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to get and install this update

Before installing this update

You must have the following updates installed before installing this update (KB 4522007). Installing these updates improves the reliability of the update process and mitigates potential issues while installing this update.

Install this update

To install this update, use one of the following release channels.

Release Channel Available Next Step
Windows Update and Microsoft Update No

See the other option below.

Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) No

See the other option above.

Known issues in this security update

Known issue


For Windows 7 SP1 and Windows Server 2008 R2 SP1, VBscript in Internet Explorer 11 should be disabled by default after installing updates starting with KB4507437 (Preview of Monthly Rollup released July 16, 2019) or KB4511872 (Internet Explorer Cumulative Update released August 13, 2019) but in some circumstances, may not be disabled as intended.

This issue was resolved in KB4519974.

The print spooler service may intermittently have issues completing a print job and may result in a print job being canceled or failing. Some apps may close or error when the print spooler fails and you may receive a remote procedure call error (RPC error) from some printing utility or printing apps.

This issue was resolved in update KB4524135.

File information

File verification

File attributes

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables.

Note The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.

Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2

Internet Explorer 11

Windows Server 2012

Internet Explorer 11

Internet Explorer 10

Windows 7 and Windows Server 2008 R2

Internet Explorer 11

Windows Server 2008

Internet Explorer 9

Information about protection and security


Learn about the terminology that Microsoft uses to describe software updates.