Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-43491

Опубликовано: 10 сент. 2024
Источник: nvd
CVSS3: 9.8
EPSS Средний

Описание

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Wi

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Версия до 10.0.10240.20766 (исключая)
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
Версия до 10.0.10240.20766 (включая)

EPSS

Процентиль: 94%
0.15477
Средний

9.8 Critical

CVSS3

Дефекты

CWE-416
NVD-CWE-noinfo

Связанные уязвимости

msrc логотип

CVE-2024-43491

CVSS3: 9.8
msrc
10 месяцев назад

Microsoft Windows Update Remote Code Execution Vulnerability

github логотип

GHSA-m882-rgxp-c7jh

CVSS3: 9.8
github
10 месяцев назад

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only...

fstec логотип

BDU:2024-06872

CVSS3: 9.8
fstec
10 месяцев назад

Уязвимость центра обновлений операционной системы Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 94%
0.15477
Средний

9.8 Critical

CVSS3

Дефекты

CWE-416
NVD-CWE-noinfo