CVE-2024-43491 (CVSS 9.8): Critical Windows 0-Day Flaw Uncovered, Urgent Patching Required

CVE-2024-43491 - Windows Update

Microsoft has disclosed a critical zero-day vulnerability in its Windows operating system, identified as CVE-2024-43491. The vulnerability, with a severity score of 9.8 (out of 10), resides within the Windows Servicing Stack and can enable remote code execution.

The root cause of this vulnerability is a flaw in the Servicing Stack that has rolled back security fixes for certain optional components in Windows 10 version 1507. Essentially, updates installed between March and August 2024 inadvertently undid prior security patches, leaving systems exposed to previously mitigated threats.

The vulnerability was introduced with the March 2024 Windows security update (KB5035858), which impacted Optional Components on systems running Windows 10, version 1507. These components include widely used features such as:

  • .NET Framework 4.6 Advanced Services
  • Internet Explorer 11
  • SMB 1.0/CIFS File Sharing Support
  • Windows Media Player
  • Active Directory Lightweight Directory Services

Due to a defect in the Servicing Stack, components updated after March 12, 2024, were mistakenly marked as “not applicable” and rolled back to their original state, making them vulnerable to previously patched security flaws.

Though primarily affecting the older Windows 10 version 1507, which reached its end-of-life in 2017, the vulnerability still poses a significant risk for the Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions, which are still actively supported.

Microsoft has not detected any active exploitation of CVE-2024-43491 in the wild, but the vulnerability is classified as Exploitation Detected because it affects previously known security issues that have been exploited. Attackers could potentially exploit these rolled-back vulnerabilities to gain remote code execution (RCE) privileges on vulnerable systems.

The Optional Components affected by the rollback of security patches could expose critical services such as Internet Information Services (IIS), Windows Fax and Scan, and XPS Viewer, making systems highly susceptible to attack.

The company has not released any indicators of compromise (IOCs) to help security teams detect potential exploit attempts, making patching the sole method for preventing further exposure.

Microsoft has addressed this vulnerability as part of its September 2024 Patch Tuesday release. Users are urged to install both the Servicing Stack update (KB5043936) and the September 2024 Windows security update (KB5043083) in that order to ensure their systems are fully protected.

Related Posts: