Microsoft has recently had its share of problems, and a seemingly simple patch is now causing serious trouble for some laptops running the 2016 Anniversary Update. The update was originally released to block a zero-day attack against Internet Explorer.
According to Microsoft, this is the problem the update solved:
There is a remote code execution vulnerability in the way the scripting engine handles objects in memory in Internet Explorer. This vulnerability could corrupt the memory, so an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited this vulnerability could obtain the same rights as the current user. If the current user is logged on with administrator rights, an attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, edit, or delete data; or create new accounts with full user rights.
In the case of a Web attack, an attacker could host a Web site specifically designed to exploit this vulnerability via Internet Explorer, and then prompt a user to visit this website, for example by sending an email.
The security update addresses the vulnerability by modifying the way the scripting engine handles objects in memory.
But now the fix itself is a very big problem: it prevents some laptops from starting. The affected computers are a fairly small group, only Lenovo laptops with less than 8 GB of RAM running the 2016 Anniversary Update (1607), but the problem is still serious.
Fortunately, there is a way to get around the failed boot: restart into the UEFI settings and disable Secure Boot. Note that if BitLocker is enabled, you may need to perform BitLocker recovery after disabling Secure Boot.
Microsoft is working with Lenovo to fix the problem and will issue a patch later. I would not count on it until the end of the year. Until then, be careful when updating devices, especially Lenovo laptops with limited RAM.
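A pre-update check for the configuration described above, as an added example (not from Microsoft or Lenovo): it reports whether a machine matches the affected profile and whether a BitLocker recovery password exists before anyone has to disable Secure Boot. It assumes an elevated PowerShell session on Windows 10 and that build 14393 corresponds to version 1607.

```powershell
# Added example: flags machines matching the article's affected profile
# (Lenovo, less than 8 GB RAM, version 1607) and checks BitLocker readiness.
# Run from an elevated PowerShell prompt on the machine being assessed.

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Sum installed module capacity; TotalPhysicalMemory excludes reserved RAM
# and would make an 8 GB machine look like it has less than 8 GB.
$ram = (Get-CimInstance -ClassName Win32_PhysicalMemory |
        Measure-Object -Property Capacity -Sum).Sum

$isLenovo = $cs.Manufacturer -match 'lenovo'   # -match is case-insensitive
$is1607   = $os.BuildNumber -eq '14393'        # assumption: 14393 = 1607
$lowRam   = $ram -lt 8GB
$atRisk   = $isLenovo -and $is1607 -and $lowRam

# Confirm-SecureBootUEFI throws on legacy BIOS or without elevation;
# record "unknown" ($null) rather than guessing.
try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $secureBoot = $null }

# BitLocker state of the OS volume and presence of a recovery password,
# which is what BitLocker recovery will ask for once Secure Boot is off.
$bitLockerOn = $false
$hasRecoveryPw = $false
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $bitLockerOn   = $vol.ProtectionStatus -eq 'On'
    $hasRecoveryPw = [bool]($vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')
} catch {
    Write-Warning "BitLocker state unavailable: $($_.Exception.Message)"
}

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Manufacturer      = $cs.Manufacturer
    InstalledRamGB    = [math]::Round($ram / 1GB, 1)
    Build             = $os.BuildNumber
    MatchesProfile    = $atRisk
    SecureBootEnabled = $secureBoot
    BitLockerOn       = $bitLockerOn
    RecoveryPassword  = $hasRecoveryPw
}

if ($atRisk -and $bitLockerOn -and -not $hasRecoveryPw) {
    Write-Warning 'Affected profile with BitLocker on and no recovery password: escrow one before updating.'
}
```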