Davey Winder is a technology journalist who covers cybersecurity news and research. He’s covered everything from the true story behind the hacking of Donald Trump’s nude photos to a record-breaking ransomware payment of $75 million.
I always advise individuals and organizations to apply the latest security updates from Microsoft as soon as possible. But what if a Windows Update was actually a Windows Downdate and rolled back your operating system environment to a point in time where those security updates had not been installed? Welcome to the very real situation that some Windows 10 users have found themselves exposed to. Thankfully, Microsoft has finally come up with a fix.
According to Kev Breen, senior director of threat research at Immersive Labs, some of the Windows components that were left vulnerable by this rolling back of security updates “were known to be exploited in the wild in the past, meaning attackers could still exploit them despite Windows update saying it is fully patched.”
It appears that, on the particular versions of Windows impacted by the zero-day vulnerability, build version numbers checked by the Windows update service were improperly handled in code. Microsoft said that build version numbers crossed into a range that triggered a code defect. “This implies that there was an integer overflow vulnerability,” Breen said, “that meant optional components were detected as Not Applicable and therefore reverted back to their original unpatched versions.”
The pre-authentication remote code execution vulnerability that is CVE-2024-43491 doesn’t impact all versions of Windows 10. For that, we can all be grateful; I think we can all agree. For those who are affected, however, news of a final fix should have come much sooner. Luckily, it’s a relatively small group of users, specifically those with Windows 10, version 1507 systems that have also installed the March 12, 2024 Windows security update.