msrc_cve-2024-43491
Vulnerability from csaf_microsoft
Published
2024-09-10 07:00
Modified
2024-09-10 07:00
Summary
Microsoft Windows Update Remote Code Execution Vulnerability
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action
Required. The vulnerability documented by this CVE requires customer action to resolve. For the affected Windows 10 (version 1507) systems, this means installing both the September 10, 2024 servicing stack update (KB5043936) and the security update (KB5043083); both are required to restore the Optional Component fixes that the servicing-stack defect rolled back.
{ "document": { "acknowledgments": [ { "names": [ "Anonymous" ] } ], "aggregate_severity": { "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Public", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-US", "notes": [ { "category": "general", "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle", "title": "Additional Resources" }, { "category": "legal_disclaimer", "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.", "title": "Disclaimer" }, { "category": "general", "text": "Required. 
The vulnerability documented by this CVE requires customer action to resolve.", "title": "Customer Action" } ], "publisher": { "category": "vendor", "contact_details": "secure@microsoft.com", "name": "Microsoft Security Response Center", "namespace": "https://msrc.microsoft.com" }, "references": [ { "category": "self", "summary": "CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability - HTML", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491" }, { "category": "self", "summary": "CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability - CSAF", "url": "https://msrc.microsoft.com/csaf/2024/msrc_cve-2024-43491.json" }, { "category": "external", "summary": "Microsoft Exploitability Index", "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1" }, { "category": "external", "summary": "Microsoft Support Lifecycle", "url": "https://support.microsoft.com/lifecycle" }, { "category": "external", "summary": "Common Vulnerability Scoring System", "url": "https://www.first.org/cvss" } ], "title": "Microsoft Windows Update Remote Code Execution Vulnerability", "tracking": { "current_release_date": "2024-09-10T07:00:00.000Z", "generator": { "date": "2024-12-31T23:02:29.860Z", "engine": { "name": "MSRC Generator", "version": "1.0" } }, "id": "msrc_CVE-2024-43491", "initial_release_date": "2024-09-10T07:00:00.000Z", "revision_history": [ { "date": "2024-09-10T07:00:00.000Z", "legacy_version": "1", "number": "1", "summary": "Information published." 
} ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c10.0.10240.20766", "product": { "name": "Windows 10 for 32-bit Systems \u003c10.0.10240.20766", "product_id": "2" } }, { "category": "product_version", "name": "10.0.10240.20766", "product": { "name": "Windows 10 for 32-bit Systems 10.0.10240.20766", "product_id": "10729" } } ], "category": "product_name", "name": "Windows 10 for 32-bit Systems" }, { "branches": [ { "category": "product_version_range", "name": "\u003c10.0.10240.20766", "product": { "name": "Windows 10 for x64-based Systems \u003c10.0.10240.20766", "product_id": "1" } }, { "category": "product_version", "name": "10.0.10240.20766", "product": { "name": "Windows 10 for x64-based Systems 10.0.10240.20766", "product_id": "10735" } } ], "category": "product_name", "name": "Windows 10 for x64-based Systems" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-43491", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "general", "text": "Microsoft", "title": "Assigning CNA" }, { "category": "faq", "text": "Customers need to install both the servicing stack update (KB5043936) AND security update (KB5043083), released on September 10, 2024, to be fully protected from the vulnerabilities that this CVE rolled back. For more information see KB5043083.\nCustomers whose systems are configured to receive automatic updates do not need to take any further action.\nAfter installation, confirm that the OS build reports 10.0.10240.20766 or later (the fixed build listed in the product tree); a system still below that build remains in the affected range.", "title": "How do I restore the fixes that this Windows Servicing Stack vulnerability rolled back?" }, { "category": "faq", "text": "This CVE documents the rollback of fixes that addressed vulnerabilities which affected some Optional Components for Windows 10 (version 1507). 
Some of these CVEs were known to be exploited, but no exploitation of CVE-2024-43491 itself has been detected.\nIn addition, the Windows product team at Microsoft discovered this issue, and we have seen no evidence that it is publicly known.", "title": "This CVE is marked as Exploitation Detected. Has Microsoft seen this vulnerability exploited in the wild?" }, { "category": "faq", "text": "No. If you have installed any of the previous security updates released between March and August 2024, the rollbacks of the fixes for CVEs affecting Optional Components have already occurred. To restore these fixes customers need to install the September 2024 Servicing Stack Update and Security Update for Windows 10.\nFor more information see KB5043083.", "title": "Are there any actions I can take to prevent the rollback of previously fixed CVEs that this vulnerability caused?" }, { "category": "faq", "text": "Starting with the Windows security update released March 12, 2024 - KB5035858 (OS Build 10240.20526), the build version numbers crossed into a range that triggered a code defect in the Windows 10 (version 1507) servicing stack that handles the applicability of Optional Components. As a result, any Optional Component that was serviced with updates released since March 12, 2024 (KB5035858) was detected as \u0026quot;not applicable\u0026quot; by the servicing stack and was reverted to its RTM version.", "title": "Why were previously fixed CVEs rolled back?" }, { "category": "faq", "text": "No. Only Windows 10 (version 1507) (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) with Optional Components enabled from the following list are vulnerable. 
All other versions of Windows 10 released since November 2015 are not affected.\n.NET Framework 4.6 Advanced Services \\ ASP.NET 4.6, Active Directory Lightweight Directory Services, Administrative Tools, Internet Explorer 11, Internet Information Services\\World Wide Web Services, LPD Print Service, Microsoft Message Queue (MSMQ) Server Core, MSMQ HTTP Support, MultiPoint Connector, SMB 1.0/CIFS File Sharing Support, Windows Fax and Scan, Windows Media Player, Work Folders Client, XPS Viewer", "title": "Are all installations of Windows vulnerable?" } ], "product_status": { "fixed": [ "10729", "10735" ], "known_affected": [ "1", "2" ] }, "references": [ { "category": "self", "summary": "CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability - HTML", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491" }, { "category": "self", "summary": "CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability - CSAF", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491" } ], "remediations": [ { "category": "vendor_fix", "date": "2024-09-10T07:00:00.000Z", "details": "10.0.10240.20766:Security Update:https://support.microsoft.com/help/5043083", "product_ids": [ "2", "1" ], "url": "https://support.microsoft.com/help/5043083" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "environmentalsScore": 0.0, "exploitCodeMaturity": "FUNCTIONAL", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 9.1, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", "version": "3.1" }, "products": [ "1", "2" ] } ], "threats": [ { "category": "impact", "details": "Remote Code Execution" }, { "category": 
"exploit_status", "details": "Exploited:Yes;Latest Software Release:Exploitation Detected" } ], "title": "Microsoft Windows Update Remote Code Execution Vulnerability" } ] }