Microsoft’s mega Patch Tuesday update also brought a fix for a several-week-old Cortana bug that was causing high CPU pain for Windows 10 version 1903 users.
Microsoft last week finally acknowledged user complaints about the Cortana process SearchUI.exe causing abnormally high CPU usage.
Complaints rolled in after users installed the KB4512941 update that Microsoft released on Friday, August 30, to address bugs from a previous cumulative update that were lingering on in version 1903.
Microsoft promised that a fix for the high CPU usage would be provided by mid-September, but the company actually delivered it a little earlier, as part of its huge September Patch Tuesday update.
“Addresses an issue that causes high CPU usage from SearchUI.exe for a small number of users. This issue only occurs on devices that have disabled searching the web using Windows Desktop Search,” Microsoft said in the security update KB4515384 released yesterday.
Still, a small number of Windows Insiders had reported the same issue through the Feedback Hub in preview testing of the buggy update, which Microsoft missed despite recent efforts to improve its detection of narrowly reported issues
The Patch Tuesday update address two zero-day elevation of privilege flaws that were under attack already. The update included 80 security fixes.
Additionally, Microsoft patched two remote code execution bugs in the Remote Desktop Protocol. However, these don’t appear to be as dangerous as the recent BlueKeep and DejaBlue vulnerabilities, which could be used to create a wormable exploit to automatically infect vulnerable machines on the same network.
“Unlike BlueKeep and DejaBlue, these members of the Blue Bug Group are all client-side. An attacker would need to convince someone to connect to their malicious RDP server or otherwise intercept (MITM) the traffic,” said Dustin Childs from Trend Micro’s Zero Day Initiative.
“It’s good to see these issues patched, but they don’t carry the urgency of the recent wormable bugs.”