Windows 10 Version 1507 Faces Vulnerability Due to Rollback of Previous Fixes
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 1507
- Vendor
- CVE Published:
- 10 September 2024
Summary
The first article discusses a vulnerability in Windows 10 version 1507, which is no longer supported except for specific editions. The vulnerability is caused by a rollback of fixes for some earlier vulnerabilities and can be exploited by attackers, leaving unpatched PCs at risk. Microsoft has released updates to fix this and other security vulnerabilities, including ones already being exploited. The article also mentions the release of Adobe updates and provides resources for those administering enterprise systems.

The second article discusses a critical vulnerability in the Apache OFBiz open source enterprise resource planning (ERP) system, which has a high CVSS score and allows attackers to bypass authentication and perform server-side request forgery (SSRF). This can lead to remote code execution. The issue was discovered as a result of an incomplete patch for an earlier vulnerability and is being actively exploited in the wild. A new version has been released to fix the vulnerability, and organizations using Apache OFBiz are urged to upgrade promptly to mitigate the risk. Exploitation of this vulnerability poses a significant risk, as it can allow unauthorized access to and control over affected systems.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-43491 as being exploited, but CISA does not know it to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 < 10.0.10240.20766
News Articles
Bug Left Some Windows PCs Dangerously Unpatched
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused…
2 months ago
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Microsoft patched four zero-days, including a critical bug (CVE-2024-43491) in Windows Update that allows rollback of security fixes.
2 months ago
CVSS V3.1
Timeline
- 👾 Exploit exists.
- 🔥 Vulnerability reached the number 1 worldwide trending spot.
- Vulnerability started trending.
- First article discovered by SecurityWeek.
- Vulnerability published.
- Vulnerability reserved.