
September 11, 2024 |

Microsoft patches critical Windows 10 ‘Downdate’ flaw


Microsoft has addressed an actively exploited zero-day vulnerability as part of its ‘Patch Tuesday’ suite of updates released this week.

The flaw, designated CVE-2024-43491 and rated CVSS 9.8/10, is described by Microsoft as a vulnerability in the Servicing Stack, the component that installs Windows updates. Because of the flaw, installing certain 2024 updates rolls back the fixes for some previously patched vulnerabilities in optional components on Windows 10, version 1507, the original release from July 2015 (in practice, the still-supported Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions). Later versions of Windows 10 are not affected by CVE-2024-43491.

Microsoft has released very little detail on CVE-2024-43491, its exploitation process, and how many victims have been impacted by it.

Rather, Microsoft is encouraging affected Windows users to install September's Servicing Stack Update KB5043936 and Security Update KB5043083 for Windows 10, in that order. Windows Update applies them in the correct sequence automatically; the ordering matters when the packages are installed manually, for example from the Microsoft Update Catalog.
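As an added example (not code from the article, SecurityWeek or Microsoft), the following PowerShell triages a single host: it confirms whether the machine is Windows 10 version 1507 (build 10240), checks for the September 2024 updates, and lists the enabled optional components so they can be compared against the components named in Microsoft's advisory. The build revision 20766 for KB5043083 is an assumption to verify against Microsoft's release notes for that update; the function name and output fields are the example's own.

```powershell
# Added example (not Field Effect's or Microsoft's code): triage one Windows 10 host for
# CVE-2024-43491 exposure. Run from an elevated PowerShell session, because
# Get-WindowsOptionalFeature -Online requires administrator rights.

function Test-DowndateExposure {
    # Assumption: KB5043083 (September 2024) raises Windows 10 version 1507 to
    # OS build 10240.20766. Verify the revision against Microsoft's notes for KB5043083.
    param([int]$PatchedUbr = 20766)

    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuild   # 10240 = Windows 10 version 1507
    $ubr   = [int]$cv.UBR            # Update Build Revision: the number after the dot in winver

    if ($build -ne 10240) {
        return [pscustomobject]@{
            Build    = "$build.$ubr"
            Affected = $false
            Reason   = 'Not Windows 10 version 1507; CVE-2024-43491 does not apply.'
        }
    }

    # Get-HotFix reads Win32_QuickFixEngineering, which often omits servicing stack
    # updates, so a missing KB5043936 entry means "unreported", not "not installed".
    $sec = Get-HotFix -Id KB5043083 -ErrorAction SilentlyContinue
    $ssu = Get-HotFix -Id KB5043936 -ErrorAction SilentlyContinue

    # The rollback only matters where affected optional components are enabled,
    # so list the enabled ones for comparison against Microsoft's advisory.
    $enabled = Get-WindowsOptionalFeature -Online |
        Where-Object State -eq 'Enabled' |
        Select-Object -ExpandProperty FeatureName

    # The build revision is the authoritative signal; Get-HotFix is supplementary.
    $patched   = ($ubr -ge $PatchedUbr) -or ($null -ne $sec)
    $secStatus = if ($sec) { 'installed' } else { 'not found' }
    $ssuStatus = if ($ssu) { 'installed' } else { 'not found (may be unreported)' }
    $reason    = if ($patched) { 'September 2024 security update present.' }
                 else { 'September 2024 update not detected; install KB5043936, then KB5043083.' }

    [pscustomobject]@{
        Build                   = "$build.$ubr"
        Affected                = -not $patched
        SecurityUpdateKB5043083 = $secStatus
        ServicingStackKB5043936 = $ssuStatus
        EnabledOptionalFeatures = ($enabled -join ', ')
        Reason                  = $reason
    }
}

Test-DowndateExposure | Format-List
```

To sweep a fleet, wrap the function in Invoke-Command against a list of hosts and collect the returned objects. Treat any 10240 build whose revision is below the September value as exposed even if no affected optional component is currently enabled, since enabling one later would reintroduce the rolled-back code.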

Source: SecurityWeek

Analysis

When a Windows update is rolled back, or “downdated,” the operating system is changed to a less secure state in which a threat actor can exploit the vulnerabilities previously patched by the now removed update.

In the case of CVE-2024-43491, the rollback reintroduces vulnerabilities in the affected optional components that earlier 2024 updates had already fixed, so a Windows 10 version 1507 host that installed the updates released between March and August 2024 may be exposed to flaws it appears to have patched. This makes it imperative that network defenders install the latest updates for Windows 10 as soon as possible.

Mitigation

Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities discovered in operating systems like Windows.

Field Effect MDR users are automatically notified if a vulnerable version of Windows is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.

Field Effect strongly recommends that users of affected Windows versions install the updates as soon as possible, in the order the advisory specifies. Additionally, users should consider upgrading to Windows 11 before Microsoft ends support for Windows 10 in October 2025.
