The Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB (https://learn.microsoft.com/en-us/lifecycle/products/windows-10-iot-enterprise-ltsb-2015) editions are still under support.
Use After Free (CWE-416)
A vulnerability in the Microsoft Servicing Stack has rolled back fixes for previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that installed the Windows security update released on March 12, 2024 (KB5035858, OS Build 10240.20526) or other updates released until August 2024. This vulnerability affects only Windows 10 version 1507; later versions of Windows 10 are not affected. Because it reintroduces previously patched vulnerabilities, affected systems are potentially exposed to attacks that were thought to have been mitigated.
This vulnerability has a critical impact, with a CVSS base score of 9.8. It allows for remote code execution with no user interaction required, potentially leading to full system compromise. The vulnerability affects the confidentiality, integrity, and availability of the system, all rated as 'HIGH' impact. It reintroduces multiple previously patched vulnerabilities, exposing affected systems to a wide range of potential attacks. The vulnerability is actively being exploited in the wild and has been added to the CISA Known Exploited Vulnerability list, indicating its severity and the urgency for patching.
There is no evidence that a public proof-of-concept exists. The vulnerability is actively being exploited in the wild and was added to the CISA Known Exploited Vulnerability list. Its exploitation has been reported by various sources, including anoopcnair.com.
A patch is available and should be prioritized for immediate deployment. The vulnerability is addressed by installing two updates in a specific order:
1. The September 2024 Servicing stack update (SSU KB5043936)
2. The September 2024 Windows security update (KB5043083)
It is crucial to install these updates in the order specified to properly address the vulnerability.
1. Immediately install the September 2024 Servicing stack update (SSU KB5043936) followed by the September 2024 Windows security update (KB5043083) on all affected systems.
2. If immediate patching is not possible, consider isolating affected systems from the network to minimize the risk of exploitation.
3. Monitor systems for any suspicious activities that might indicate exploitation of the reintroduced vulnerabilities.
4. For organizations still using Windows 10 Enterprise 2015 LTSB or Windows 10 IoT Enterprise 2015 LTSB, plan for migration to newer, supported versions as soon as feasible.
5. Regularly update and patch systems, and consider implementing a robust vulnerability management program to prevent similar issues in the future.
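As an added example (not part of this entry or of Microsoft's guidance), a PowerShell triage check for the remediation steps above: it reports whether a host is the affected Windows 10 version 1507 build, whether its build sits at or past the March 2024 update (10240.20526) that opens the window described, and whether KB5043936 and KB5043083 are present. The function name `Test-Cve202443491Exposure` and the use of `Get-HotFix` plus the CBS package registry as evidence of installation are assumptions of this example.

```powershell
function Test-Cve202443491Exposure {
    # Added example: triage one host against the two-step remediation above.
    # Assumes local registry access; run elevated for reliable CBS enumeration.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR   # Update Build Revision, e.g. 20526 for KB5035858

    # Evidence of installed updates: Get-HotFix (Win32_QuickFixEngineering) can
    # omit servicing stack updates, so also scan CBS package names for the KB.
    $hotfix = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object HotFixID)
    $cbsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages'
    $cbs    = @(Get-ChildItem $cbsKey -ErrorAction SilentlyContinue | ForEach-Object PSChildName)
    $has = {
        param($kb)
        ($hotfix -contains $kb) -or (@($cbs | Where-Object { $_ -like "*$kb*" }).Count -gt 0)
    }

    $r = [ordered]@{
        Host         = $env:COMPUTERNAME
        OsBuild      = "$build.$ubr"
        Is1507       = ($build -eq 10240)
        InWindow     = $false            # at or past the March 2024 update (10240.20526)
        SsuKB5043936 = & $has 'KB5043936'
        LcuKB5043083 = & $has 'KB5043083'
        Verdict      = 'Not affected: not Windows 10 version 1507'
    }
    if ($r.Is1507) {
        $r.InWindow = ($ubr -ge 20526)
        $r.Verdict = if ($r.SsuKB5043936 -and $r.LcuKB5043083) {
            'Remediated: September 2024 SSU and security update both present'
        } elseif ($r.LcuKB5043083) {
            'Check: KB5043083 present without SSU KB5043936; verify the install order'
        } elseif ($r.InWindow) {
            'Exposed: install KB5043936, then KB5043083'
        } else {
            'Build predates the March 2024 update; bring current with KB5043936, then KB5043083'
        }
    }
    [pscustomobject]$r
}

Test-Cve202443491Exposure | Format-List
```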
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Detection for the vulnerability has been added to Qualys (92172)
A CVSS base score of 9.8 has been assigned.
Feedly found the first article mentioning CVE-2024-43491.
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2024-43491
Attacks in the wild have been reported by HTMD Community Modern Device Management News & Guides.
Attacks in the wild have been reported by CISA Known Exploited Vulnerability.
Detection for the vulnerability has been added to Nessus (206908)
This CVE started to trend in security discussions