CVE-2024-43491
published 2024-09-10CVE-2024-43491: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10…
PriorityP184critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
12.13%
95.6th percentile
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order.
Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20766 | 10.0.10240.20766 |
| microsoft | windows_10_1507 | <= 10.0.10240.20766 | — |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20766 | 10.0.10240.20766 |
| msrc | windows_10_for_32-bit_systems | — | — |
| msrc | windows_10_for_x64-based_systems | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Target systems are Windows 10 version 1507 (OS Build 10240.20526 or later through August 2024 updates) with one or more vulnerable Optional Components enabled. Enumerate Optional Components to identify exposure. ↗
- →Vulnerable optional components to check for on affected hosts include: .NET Framework 4.6/ASP.NET 4.6, Active Directory Lightweight Directory Services, Internet Explorer 11, IIS/World Wide Web Services, SMB 1.0/CIFS File Sharing Support, MSMQ Server Core, MSMQ HTTP Support, LPD Print Service, Windows Media Player, Work Folders Client, XPS Viewer, Windows Fax and Scan, MultiPoint Connector, Administrative Tools. ↗
- →The root cause is a code defect in the Windows 10 v1507 servicing stack triggered when build version numbers crossed a specific range, causing Optional Components to be detected as 'not applicable' and reverted to RTM. Detection should focus on identifying unpatched Optional Components on affected builds. ↗
- →CVE-2024-43491 is marked Exploitation Detected because the rollback reintroduced previously exploited CVEs — not because CVE-2024-43491 itself was exploited in the wild. Prioritize patching systems running KB5035858 through August 2024 updates. ↗
- →Remediation requires installing SSU KB5043936 FIRST, then security update KB5043083, in that specific order, on affected Windows 10 v1507 systems. ↗
- ·Only Windows 10 version 1507 (Enterprise 2015 LTSB and IoT Enterprise 2015 LTSB) is affected. All later versions of Windows 10 (released since November 2015) are NOT impacted. ↗
- ·Systems configured for automatic updates do not require manual intervention — they will receive both KB5043936 and KB5043083 automatically. ↗
- ·If any security update between March and August 2024 was already installed, the Optional Component fix rollback has already occurred and cannot be prevented retroactively — only the September 2024 updates restore the fixes. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
vendor_msrc9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m882-rgxp-c7jh: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Wind
ghsa_unreviewed·2024-09-10
CVE-2024-43491 [CRITICAL] CWE-416 GHSA-m882-rgxp-c7jh: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Wind
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB
VulnCheck
Microsoft Windows Update Remote Code Execution Vulnerability
vulncheck·2024·CVSS 9.8
CVE-2024-43491 [CRITICAL] Microsoft Windows Update Remote Code Execution Vulnerability
Microsoft Windows Update Remote Code Execution Vulnerability
Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU
Microsoft
Microsoft Windows Update Remote Code Execution Vulnerability
vendor_msrc·2024-09-10·CVSS 9.8
CVE-2024-43491 [CRITICAL] CWE-416 Microsoft Windows Update Remote Code Execution Vulnerability
Microsoft Windows Update Remote Code Execution Vulnerability
Description: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
This servicing stack vulnerability is addressed by installing the September 2024 Servicing stac
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
blogs_bleepingcomputer·2024-10-08·CVSS 6.5
[MEDIUM] Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
## Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
## Lawrence Abrams
28 Elevation of Privilege vulnerabilities
7 Security Feature Bypass vulnerabilities
43 Remote Code Execution vulnerabilities
6 Information Disclosure vulnerabilities
26 Denial of Service vulnerabilities
7 Spoofing vulnerabilities
This count does not include three Edge flaws that were previously fixed on October 3rd.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5044284 and KB5044285 cumulative updates and the Windows 10 KB5044273 update .
## Five zero-days disclosed
This month's Patch Tuesday fixes five zero-days, two of which were actively exploited in attacks, and all five were publicly disclosed.
Microsoft classi
Checkpoint
16th September – Threat Intelligence Report
blogs_checkpoint·2024-09-16
CVE-2024-43491 16th September – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 16th September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 16th September, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for a cyberattack in August 2024, which affected its critical systems, including Seattle-Tacoma International Airport. The ransomware attack caused major service disruptions, including outages in check-in systems, baggage handling, and
Bleepingcomputer
Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
blogs_bleepingcomputer·2024-09-10·CVSS 7.8
[HIGH] Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
## Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
## Lawrence Abrams
30 Elevation of Privilege Vulnerabilities
4 Security Feature Bypass Vulnerabilities
23 Remote Code Execution Vulnerabilities
11 Information Disclosure Vulnerabilities
8 Denial of Service Vulnerabilities
3 Spoofing Vulnerabilities
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5043076 cumulative update and Windows 10 KB5043064 update .
## Four zero-days disclosed
This month's Patch Tuesday fixes three actively exploited, one of which was publicly disclosed, and another that reintroduces old CVEs so is marked as exploited.
Microsoft classifies a zero-day flaw as one that is publicly disclosed or actively exploited whil
Krebs
Bug Left Some Windows PCs Dangerously Unpatched
blogs_krebs·2024-09-10·CVSS 7.3
CVE-2024-43491 [HIGH] Bug Left Some Windows PCs Dangerously Unpatched
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.
By far the most curious security weakness Microsoft disclosed today has the snappy name of CVE-2024-43491 , which Microsoft says is a vulnerability that led to the rolling back of fixes for some vulnerabilities affecting “optional components” on certain Windows 10 systems produced in 2015. Those include Windows 10 systems that installed the monthly security update for Windows released in March 2024, or ot
Trendmicro
The September 2024 Security Update Review
blogs_trendmicro·2024-09-10
The September 2024 Security Update Review
# The September 2024 Security Update Review
Get the September 2023 security update and review.
By: Zero Day Initiative
2024/09/10
Read time: ( words)
Save to Folio
We’ve reached September and the pumpkin spice floats in the air. While they aren’t pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches – including some zesty 0-days. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for September 2024
For September, Adobe released eight bulletins covering 28 CVEs in Adobe Acrobat and Reader, ColdFusion, Photoshop, Media Encoder, Audition, After Effects, Premier Pro, and Illustrator.
Qualys
Microsoft and Adobe Patch Tuesday, September 2024 Security Update Review
blogs_qualys·2024-09-10
Microsoft and Adobe Patch Tuesday, September 2024 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for September 2024
Adobe Patches for September 2024
Zero-day Vulnerabilities Patched in September Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in September Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
Qualys Monthly Webinar Series
Microsoft’s September Patch Tuesday updates are out, addressing a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications.
## Microsoft Patch Tuesday for September 2024
Microsoft Patch’s Tuesday, September 2024 edition addressed 79 vulnerabilities, including s
Talos
Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
blogs_talos·2024-09-10·CVSS 7.8
CVE-2024-38226 [HIGH] Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
Microsoft disclosed four vulnerabilities that are actively being exploited in the wild as part of its regular Patch Tuesday security update this week in what’s become a regular occurrence for the company’s patches in 2024.
Two of the zero-day vulnerabilities, CVE-2024-38226 and CVE-2024-38014, exist in the Microsoft Publisher software and Windows Installer, respectively. Last month, Microsoft disclosed six vulnerabilities in its Patch Tuesday that were already being exploited in the wild.
In all, September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. In addition to the zero-days disclosed Tuesday, Microsoft also fixed a security issue that had already been publicly disclosed: CVE-2024-38217, a vulnerability in Windows Mark
Qualys
Microsoft & Adobe September 2024 Security Update Review | Qualys
blogs_qualys·2024-09-10
Microsoft & Adobe September 2024 Security Update Review | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for September 2024
- Adobe Patches for September 2024
- Zero-day Vulnerabilities Patched in September Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in September Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- Qualys Monthly Webinar Series
Microsoft’s September Patch Tuesday updates are out, addressing a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications.
## Microsoft Patch Tuesday for September 2024
Microsoft Patch’s Tuesday, September 2024 edition addressed 79 vulnerabilities,
Krebs
Bug Left Some Windows PCs Dangerously Unpatched
blogs_krebs·2024-09-10·CVSS 7.3
CVE-2024-43491 [HIGH] Bug Left Some Windows PCs Dangerously Unpatched
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.
By far the most curious security weakness Microsoft disclosed today has the snappy name of CVE-2024-43491, which Microsoft says is a vulnerability that led to the rolling back of fixes for some vulnerabilities affecting “optional components” on certain Windows 10 systems produced in 2015. Those include Windows 10 systems that installed the monthly security update for Windows released in March 2024, or oth
Talos
Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
blogs_talos·2024-09-10·CVSS 7.8
CVE-2024-38226 [HIGH] Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
## Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
Microsoft disclosed four vulnerabilities that are actively being exploited in the wild as part of its regular Patch Tuesday security update this week in what’s become a regular occurrence for the company’s patches in 2024.
Two of the zero-day vulnerabilities, CVE-2024-38226 and CVE-2024-38014, exist in the Microsoft Publisher software and Windows Installer, respectively. Last month, Microsoft disclosed six vulnerabilities in its Patch Tuesday that were already being exploited in the wild.
In all, September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical. In addition to the zero-days disclosed Tuesday, Microsoft
Trendmicro
The September 2024 Security Update Review
blogs_trendmicro·2024-09-10·CVSS 7.8
[HIGH] The September 2024 Security Update Review
## The September 2024 Security Update Review
Get the September 2023 security update and review.
By: Zero Day Initiative 2024/09/10 Read time: ( words)
Save to Folio
We’ve reached September and the pumpkin spice floats in the air. While they aren’t pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches – including some zesty 0-days. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
CVE
Title
Severity
CVSS
Public
Exploited
XI
Type
CVE-2024-38217
Windows Mark of the Web Security Feature Bypass Vulnerability
Important
5.4
Yes
Yes
0
SFB
CVE-2024-43491 †
Microsoft Windows Update Remote
Tenable
Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)
blogs_tenable·2024-09-10·CVSS 9.8
[CRITICAL] Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Crowdstrike
September 2024 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] September 2024 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2024-09-10
Published
Exploited in the wild