CVERadar

CVE-2024-43491

Medium Severity
Microsoft
SVRS: 30/100
CVSSv3: 9.8/10
EPSS: 0.07565/1

CVE-2024-43491 is a vulnerability in the Microsoft Windows 10 servicing stack that causes fixes for optional components to be rolled back. This issue specifically affects Windows 10, version 1507, potentially allowing attackers to re-exploit previously mitigated vulnerabilities. Despite the CVSS score of 9.8, SOCRadar's Vulnerability Risk Score (SVRS) is 30, which indicates that, although the issue is important, it may not be as immediately critical as vulnerabilities with higher SVRS scores, because it only affects an end-of-life operating system. Affected systems include Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB that have installed updates between March and August 2024. The vulnerability is resolved by installing the September 2024 servicing stack update (KB5043936) followed by the September 2024 security update (KB5043083). Given that Windows 10, version 1507 is largely end-of-life, organizations that still operate systems on this version, particularly the LTSB editions, should prioritize patching them. Failure to apply the fixes could expose those systems to known exploits that were previously addressed.

In The Wild
Exploit Available
CISA KEV
Vendor-advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
2024-09-10

2024-12-31

Indicators of Compromise

| Type | Indicator | Date |
| --- | --- | --- |
| URL | https://mockup-external-poc-server.com | 2024-09-17 |
| HOSTNAME | mockup-external-poc-server.com | 2024-09-17 |

Exploits

| Title | Software Link | Date |
| --- | --- | --- |
| Microsoft Windows Update Remote Code Execution Vulnerability | https://www.cisa.gov/search?g=CVE-2024-43491 | 2024-09-10 |
| Microsoft Windows Update Use-After-Free Vulnerability | https://www.cisa.gov/search?g=CVE-2024-43491 | 2024-09-10 |

News

The September 2024 Security Update Review
Dustin Childs, 2024-12-02
We’ve reached September and the pumpkin spice floats in the air. While they aren’t pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches – including some zesty 0-days. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for September 2024
zerodayinitiative.com

16th September – Threat Intelligence Report
hagarb, 2024-11-01
For the latest discoveries in cyber research for the week of 16th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for a cyberattack in August 2024, which affected its critical systems, including Seattle-Tacoma International Airport. The ransomware attack caused […]
checkpoint.com

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws - The Hacker News
2024-09-11
Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech giant resolved in its Chromium-based Edge browser since last month's Patch Tuesday release. The three vulnerabilities that
google.com

Microsoft just patched 79 Windows flaws including 4 actively exploited zero-days — update your PC right now - Tom's Guide
2024-09-12
Another month means another round of Patch Tuesday updates from Microsoft and this time, the software giant has fixed 79 different security flaws—including four zero-days that hackers are using in their attacks. As reported by BleepingComputer, seven of these vulnerabilities are critical and can be exploited to achieve either remote code execution or elevation of privileges. The rest are rated important save one, which is rated moderate. In total, there are 30 elevation of privilege flaws
google.com

CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA, 2024-09-10
(Updated September 25, 2024) CISA has removed one vulnerability from its Known Exploited Vulnerabilities Catalog, based on information found in the FAQ section of Microsoft's Security Update Guide for CVE-2024-43491. CVE-2024-43491 Microsoft Windows Update Remote Code Execution
cve-2024-43491
cve-2024-38226
cve-2024-38217
cve-2024-38014

16th September – Threat Intelligence Report - Check Point Research
2024-09-16
For the latest discoveries in cyber research for the week of 16th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for a cyberattack in August 2024, which affected its critical systems, including Seattle-Tacoma International Airport. The ransomware attack caused major service disruptions, including outages in check-in systems, baggage handling, and the Port’s website. The Port declined to pay the ransom. Check Point Harmony Endpoint and Threat Emulation provide protection against this
google.com

September 2024 Patch Tuesday: Four Zero-Days and Seven Critical Vulnerabilities Amid 79 CVEs
Falcon Exposure Management Team, 2024-09-10
Microsoft has released security updates for 79 vulnerabilities in its September 2024 Patch Tuesday rollout. These include four actively exploited zero-days (CVE-2024-38014, CVE-2024-38217, CVE-2024-38226, CVE-2024-43491). Seven of the vulnerabilities are rated Critical in severity, while the remaining 72 are rated Important or Moderate. September 2024 Risk Analysis This month’s leading risk type is elevation of […]
cve-2024-38217
cve-2024-38226
cve-2024-38014
cve-2024-38018

Social Media

CVE-2024-43491 - windows 10 critical vuln in windows update process allows attacker to bypass previous security patches, exposing systems! Affects version 1057 specifically enterprise 2015 LTBS! And IoT enterprise 2015 LTBS! Update accordingly!. https://t.co/ZebFZrn1eM
Actively exploited CVE : CVE-2024-43491
CVE-2024-43491 – Windows 10 Security Vulnerability – September 2024: Critical vulnerability (CVE-2024-43491) in the Microsoft Windows Update process allows attackers to bypass previous security patches, exposing systems to high risk.  Affected Platform … https://t.co/B5X3SbFlMF https://t.co/kOb8a31Uwm
#Microsoft Addresses Critical #ZeroDay Vulnerabilities (CVE-2024-43491) in September 2024 Patch Tuesday https://t.co/4yEilqEXua
CVE-2024-43491 - Security Update Guide - Microsoft - Microsoft Windows Update Remote Code Execution Vulnerability #SuggestedRead #devopsish https://t.co/sJ1i3uiMBA
Microsoft fixes 4 exploited zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) and a Windows 10 code defect (CVE-2024-43491) that reversed previous fixes in Sep 2024 Patch Tuesday. #Cybersecurity #TechNews #ZeroDay #Microsoft #PatchTuesday
Microsoft warns of active exploitation of Windows Update zero-day (CVE-2024-43491). Attackers can roll back security fixes on certain Windows versions. Critical 9.8 CVSS score. Users urged to install specific updates. #cybersecurity https://t.co/kTMY0ur0Fd
Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491) https://t.co/vPYAeumi9N https://t.co/Dx7mOFvwQi

Affected Software

Configuration 1
| Type | Vendor | Product |
| --- | --- | --- |
| OS | Microsoft | windows_10_1507 |

References

| Reference | Link |
| --- | --- |
| [email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491 |
| MICROSOFT WINDOWS UPDATE REMOTE CODE EXECUTION VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491 |

CWE Details

| CWE ID | CWE Name | Description |
| --- | --- | --- |
| CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. |
