Microsoft has issued an urgent alert regarding a critical vulnerability in its Windows Update service. The tech giant has confirmed that malicious actors are actively exploiting this flaw to reverse security patches on specific versions of the Windows operating system.
The vulnerability, identified as CVE-2024-43491, has been classified as critical due to its severity. While Microsoft has withheld details about the nature of the exploits, it emphasizes the importance of applying the necessary updates in the correct order to mitigate the risk.
Users are advised to install the Servicing stack update (KB5043936) followed by the September 2024 Windows security update (KB5043083). This two-step process is essential for effective protection against this critical vulnerability.
In addition to CVE-2024-43491, Microsoft has identified three other zero-day vulnerabilities that are being exploited:
- CVE-2024-38226: A security feature bypass in Microsoft Office Publisher
- CVE-2024-38217: A security feature bypass in Windows Mark of the Web
- CVE-2024-38014: An elevation of privilege vulnerability in Windows Installer
These vulnerabilities highlight the ongoing threat landscape and the importance of staying up-to-date with security patches. Microsoft urges users to prioritize updates to protect their systems from potential attacks.
By following Microsoft’s recommendations and applying the necessary updates promptly, users can help mitigate the risk posed by these critical vulnerabilities and safeguard their systems against malicious attacks.
