Important Windows 10 Update Security Glitch Fix Certified by Microsoft
I always advise people and organizations to install the latest security updates from Microsoft as soon as possible. But what if Windows Update was actually Windows Downdate and reverted your operating environment to a time when security updates were not installed? That is the real situation some Windows 10 users have found themselves in. Fortunately, Microsoft has come up with a fix.
What is CVE-2024-43491 and Why is it So Dangerous?
Microsoft has announced its latest security fixes, collectively known as Patch Tuesday. Among them are very dangerous zero-days that can bypass Windows protections. The most concerning, however, and the most critical, with a severity rating of 9.8 out of 10 and strong exploitability metrics, can reverse the security fixes for some Windows 10 users. Microsoft has confirmed that attackers would be able to exploit previously mitigated vulnerabilities on systems where users have installed the Windows security update of March 12 and “other updates released until August 2024.”
According to Kev Breen, senior director of threat research at Immersive Labs, some of the Windows components left vulnerable when the security updates were reverted “were known to be exploited in the wild in the past, meaning attackers could still exploit them. Windows Update says it’s completely hidden.”
It appears that, in the versions of Windows affected by this zero-day vulnerability, the code mishandled the version numbers checked by the Windows update service. Microsoft said that the build version number passed a value that triggered the code defect. “This suggests that there was a lot of infection,” Breen said, “which means that optional parts were found to be ineffective, so they were reverted to their original versions that were not written.”
Which Versions of Windows 10 Are Affected by CVE-2024-43491?
The CVE-2024-43491 remote code execution vulnerability does not affect all versions of Windows 10. For that, I think we can all agree, we can be thankful. However, for those who are affected, news of a definitive fix could not have come soon enough. Fortunately, only a small group of users is affected, namely those with Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) who have installed the March 12, 2024 Windows security update. “Overall,” Adam Barnett, lead software engineer at Rapid7, said, “while there are still many organizations running Windows 10 1507, many admins can breathe a sigh of relief on this, then they go back to worrying about everything else.”
This does not mean that it should not be taken very seriously by those who run the relevant Windows 10 versions. In fact, there are specific patching instructions that must be followed. “This service vulnerability is resolved by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order,” Microsoft said. According to Tyler Reguly, deputy director of security research and development at Fortra, “this is where organizations really need to pay attention to the details to see if they are affected, and if they are, it will require a lot of attention … it is important that the servicing stack update is installed before the Microsoft security update.”
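For admins who want to check a host against those instructions, here is an added PowerShell example (not Microsoft's tooling and not part of the original article) that reports whether the two KBs named above are present and in the stated order. It assumes OS build 10240 identifies Windows 10, version 1507; the function name and status strings are hypothetical, and the sample records are constructed.

```powershell
# Added example, not Microsoft's tooling. KB numbers are the two named in the article.
# Assumption: OS build 10240 identifies Windows 10, version 1507.
function Get-Cve202443491State {
    param(
        [Parameter(Mandatory)] [int] $BuildNumber,
        # Objects with HotFixID and InstalledOn properties, as Get-HotFix returns
        [object[]] $HotFix = @()
    )
    if ($BuildNumber -ne 10240) { return 'NotAffected: not Windows 10, version 1507' }

    $ssu = $HotFix | Where-Object { $_.HotFixID -eq 'KB5043936' } | Select-Object -First 1
    $lcu = $HotFix | Where-Object { $_.HotFixID -eq 'KB5043083' } | Select-Object -First 1

    if (-not $ssu -and -not $lcu) { return 'ActionRequired: install KB5043936, then KB5043083' }
    if (-not $ssu) { return 'Review: KB5043083 present without KB5043936' }
    if (-not $lcu) { return 'ActionRequired: KB5043936 present, install KB5043083' }

    # InstalledOn has date granularity and can be empty, so order is not always provable
    if (-not $ssu.InstalledOn -or -not $lcu.InstalledOn) {
        return 'Review: both present, install dates missing'
    }
    if ($ssu.InstalledOn -gt $lcu.InstalledOn) {
        return 'Review: KB5043936 installed after KB5043083'
    }
    if ($ssu.InstalledOn -eq $lcu.InstalledOn) {
        return 'Review: both installed same day, confirm order in update history'
    }
    return 'Remediated: KB5043936 installed before KB5043083'
}

# Constructed sample records (not from a real host): SSU dated after the security update
$sample = @(
    [pscustomobject]@{ HotFixID = 'KB5043083'; InstalledOn = [datetime]'2024-09-11' }
    [pscustomobject]@{ HotFixID = 'KB5043936'; InstalledOn = [datetime]'2024-09-12' }
)
Get-Cve202443491State -BuildNumber 10240 -HotFix $sample
Get-Cve202443491State -BuildNumber 19045 -HotFix $sample

# Live host: read the build number and installed updates, then classify
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Get-Cve202443491State -BuildNumber ([int]$os.BuildNumber) -HotFix (Get-HotFix)
```

The check only recognises the two KBs by number, so a host that has since received a later cumulative update will report KB5043083 as missing and should be reviewed by hand.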