Windows 10 Version 1507 Faces Vulnerability Due to Rollback of Previous Fixes
CVE-2024-43491
Key Information:
- Vendor
- Microsoft
- Status
- Windows 10 Version 1507
- Vendor
- CVE Published:
- 10 September 2024
Badges
What is CVE-2024-43491?
CVE-2024-43491 is a serious vulnerability in Windows 10 Version 1507, primarily affecting the Servicing Stack responsible for delivering updates. This vulnerability arises due to the rollback of prior fixes for identified issues within Optional Components. Organizations utilizing this outdated version, specifically Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB, may find themselves at significant risk because attackers could exploit these previously mitigated vulnerabilities. The potential for exploitation could lead to severe operational disruptions, data breaches, and compromised systems.
Technical Details
CVE-2024-43491 impacts Windows 10 Version 1507, which was released in July 2015. The vulnerability is tied to the Servicing Stack, which is meant to facilitate the deployment of security updates. A critical security update released on March 12, 2024 (KB5035858), inadvertently caused previous patches to be rolled back, reintroducing vulnerabilities that had been previously addressed. Although later versions of Windows 10 are not affected, the ongoing support for the 2015 LTSB editions means that systems running these versions remain vulnerable unless they implement the proper updates. Organizations can mitigate this vulnerability by installing the September 2024 Servicing Stack Update (SSU KB5043936) and then applying the September 2024 Windows security update (KB5043083) in sequence.
Impact of the Vulnerability
-
Re-exposure to Mitigated Vulnerabilities: The rollback of previous security fixes means that systems could be exploited through previously patched vulnerabilities, which puts critical data and system integrity at risk.
-
Increased Risk of Exploits: With the vulnerability actively exploited, attackers could potentially conduct remote code executions or gain unauthorized access to affected systems, leading to significant operational and financial repercussions for organizations.
-
Potential for Widespread Threats: As Windows 10 Version 1507 is still utilized in specific enterprise and IoT environments, the continued existence of this vulnerability poses a broader risk, enabling attackers to exploit numerous systems within organizations that have not updated to supported versions.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.0 < 10.0.10240.20766
News Articles
Bug Left Some Windows PCs Dangerously Unpatched
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused…
4 months ago
Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
Microsoft patched four zero-days, including a critical bug (CVE-2024-43491) in Windows Update that allows rollback of security fixes.
4 months ago
References
CVSS V3.1
Timeline
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 👾
Exploit known to exist
- 🦅
CISA Reported
- 📰
First article discovered by SecurityWeek
Vulnerability published
Vulnerability Reserved