Windows 10 Version 1507 Faces Vulnerability Due to Rollback of Previous Fixes
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 1507
- Vendor
- CVE Published:
- 10 September 2024
Badges
Summary
The first article discusses a vulnerability in Windows 10 version 1507, which is no longer supported except for specific editions. The vulnerability is caused by rollback of fixes for some vulnerabilities and can be exploited by attackers, potentially leading to danger for unpatched PCs. Microsoft has released updates to fix this and other security vulnerabilities, including ones already being exploited. The article also mentions the release of Adobe updates and provides resources for those administering enterprise systems. The second article discusses a critical vulnerability in the Apache OFBiz open source enterprise resource planning (ERP) system, which has a high CVSS score and allows attackers to bypass authentication processes and execute server-side request forgery (SSRF). This can lead to remote code execution. The issue was discovered as a result of an incomplete patch for an earlier vulnerability and is being actively exploited in the wild. A new version has been released to fix the vulnerability, and organizations using Apache OFBiz are urged to upgrade promptly to mitigate the risk. The exploitation of this vulnerability poses a significant risk, as it can allow unauthorized access and control over affected systems.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-43491 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 < 10.0.10240.20766
News Articles
EPSS Score
2% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit exists.
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
Vulnerability started trending.
First article discovered by Krebs on Security
Vulnerability published.
Vulnerability Reserved.