CVE-2024-43491 — Use After Free in Microsoft Windows 10 Version 1507

CWE-416 — Use After Free16 documents11 sources

Severity

9.8CRITICALNVD

EPSS

15.9%

top 5.24%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 1507 Msrc Windows 10 FOR 32-bit Systems +1 more

Timeline

PublishedSep 10

Latest updateOct 8

Description

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 1…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5microsoft/windows_10_version_150710.0.10240.0 — 10.0.10240.20766

▶NVDmicrosoft/windows_10_1507< 10.0.10240.20766+1

▶msrcmsrc/windows_10_for_32-bit_systems

▶msrcmsrc/windows_10_for_x64-based_systems

Patches

Patch: msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-m882-rgxp-c7jh: Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Wind↗2024-09-10

▶

VulnCheck

Microsoft Windows Update Remote Code Execution Vulnerability↗2024

▶

📋Vendor Advisories

Microsoft

Microsoft Windows Update Remote Code Execution Vulnerability↗2024-09-10

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws↗2024-10-08

▶

Bleepingcomputer

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws↗2024-09-10

▶

Krebs

Bug Left Some Windows PCs Dangerously Unpatched↗2024-09-10

▶

Trendmicro

The September 2024 Security Update Review↗2024-09-10

▶

Qualys

Microsoft and Adobe Patch Tuesday, September 2024 Security Update Review↗2024-09-10

▶