Islamabad, Sep 11: Microsoft has released an urgent alert about a serious flaw in Windows Update. The company warned that hostile actors are exploiting this vulnerability to undo security updates on particular versions of its widely used operating system.

Tracked as CVE-2024-43491, the vulnerability is rated critical, with a near-maximum CVSS severity score of 9.8 out of 10. Microsoft has acknowledged that attackers are already exploiting this security flaw.

Notably, the company has withheld specific details about the nature of these exploits. It has provided no indicators of compromise (IOCs) or other data to help security professionals detect breaches. According to Microsoft, the vulnerability was reported through an anonymous tip.

The Redmond, Washington-based company’s description of the vulnerability draws comparisons to the “Windows Downdate” problem, which was discussed at this year’s Black Hat cybersecurity conference.

Microsoft stresses that fixing the Windows Update bug requires a two-step update process. Users should first install the September 2024 Windows security update (KB5043083), then the servicing stack update (SSU KB5043936). This particular installation sequence is essential for optimal safety.

The Windows Update issue is not the only one. Microsoft's security response team has discovered three more zero-day vulnerabilities that are being exploited by bad actors:

1. CVE-2024-38226: A Microsoft Office Publisher security feature bypass
2. CVE-2024-38217: A Windows Mark of the Web security feature bypass
3. CVE-2024-38014: A Windows Installer elevation of privilege issue

These recently discovered vulnerabilities add to a disturbing trend of cybersecurity threats targeting the Windows ecosystem. Microsoft has confirmed 21 zero-day attacks exploiting defects in different products since the start of the year.

 

 
