Microsoft issued an urgent alert on Tuesday regarding a critical vulnerability in Windows Update. The tech giant warned that malicious actors are exploiting this flaw to reverse security patches on specific versions of its widely used operating system.
The vulnerability, officially designated as CVE-2024-43491, has been classified as critical with a near-maximum CVSS severity score of 9.8 out of 10. Microsoft has confirmed that this security hole is already being exploited in real-world attacks.
Notably, the company has withheld detailed information about the nature of these exploits. No indicators of compromise (IOCs) or additional data to assist security teams in detecting potential breaches have been provided. Microsoft stated that the vulnerability was reported anonymously.
The description of the flaw by the Redmond-based company suggests similarities to the ‘Windows Downdate’ issue, a topic of discussion at this year’s Black Hat cybersecurity conference.
The tech giant emphasizes the importance of a two-step update process to address the Windows Update flaw. Users are instructed to first install the Servicing stack update (SSU KB5043936), followed by the September 2024 Windows security update (KB5043083). This specific order of installation is crucial for effective protection.
The Windows Update vulnerability is not an isolated incident. Microsoft’s security response team has identified three additional zero-day vulnerabilities that are currently being exploited by malicious actors. These include:
- CVE-2024-38226: A security feature bypass in Microsoft Office Publisher
- CVE-2024-38217: A security feature bypass in Windows Mark of the Web
- CVE-2024-38014: An elevation of privilege vulnerability in Windows Installer
These newly reported vulnerabilities contribute to a concerning trend in cybersecurity threats targeting the Windows ecosystem. Since the beginning of the year, Microsoft has confirmed 21 zero-day attacks exploiting various flaws in their products.
Stay Connected with ProPakistani
Get the latest tech news, telecom insights, and product launches wherever you prefer.
Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.
