Technology

Microsoft confesses its recent security updates…broke Windows 10 security patches

September 11, 2024

In its latest Patch Tuesday cumulative update, Microsoft has confirmed an embarassing bug which broke older security patches installed on Windows 10 devices.

The bug is tracked as CVE-2024- 43491, and affects Windows 10 version 1507 – an older version still supported for Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015. It carries an almost maximum severity score – 9.8.

It is a rather strange vulnerability, caused by the way people install older security patches. If a user installs a security update released between March and August 2024, and then applies an update released since March 12, the OS will revert the updated software back to its base Release To Manufacturing (RTM) version. That way, the OS is basically reintroducing all of the security vulnerabilities patched in the meantime.

Patch Tuesday issues

Microsoft said that the following components are affected:

.NET Framework 4.6 Advanced Services \ ASP.NET 4.6
Active Directory Lightweight Directory Services
Administrative Tools
Internet Explorer 11
Internet Information Services\World Wide Web Services
LPD Print Service
Microsoft Message Queue (MSMQ) Server Core
MSMQ HTTP Support
MultiPoint Connector
SMB 1.0/CIFS File Sharing Support
Windows Fax and Scan
Windows Media Player
Work Folders Client
XPS Viewer

Since all of the bugs were patched in the past, Microsoft is considering this newest snafu as “exploited in the wild.”

“Starting with the Windows security update released March 12, 2024 – KB5035858 (OS Build 10240.20526), the build version numbers crossed into a range that triggered a code defect in the Windows 10 (version 1507) servicing stack that handles the applicability of optional components,” Microsoft explains.

“As a result, any optional component that was serviced with updates released since March 12, 2024 (KB5035858) was detected as ‘not applicable’ by the servicing stack and was reverted to its RTM version.”

If a user installed a previous security update, the rollback is already in effect, and they should install the September 2024 Servicing Stack Update and Security Update for Windows 10 to address the issue.

Via The Register

More from TechRadar Pro

Facebook
Twitter
Pinterest
WhatsApp

Previous articleIt’s What’s Inside is one of my most-anticipated new Netflix movies for Halloween after seeing the nightmare trip trailer
Next articleKim Jong Un promises to ‘steadily strengthen’ North Korea’s ‘nuclear force’

M Adam
https://technologiesandgadgets.com/

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar