Advisory 70: Microsoft Windows Update Remote Code Execution Vulnerability
Release Date: 14th of September 2024
Impact : HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Office of the Chief Information Officer (OGCIO) provide the following advisory.
What is it?
The Microsoft Windows Update Remote Code Execution Vulnerability is a type of security flaw where an attacker could potentially execute malicious code on a victim's machine by exploiting the Windows Update service.
What are the Systems affected?
- Microsoft Windows 10 Version 1507 – 32-bit System and x64-based Systems
What this means?
If Vulnerabilities are not addressed, a cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. The Attacker could exploit these previously mitigated vulnerabilities on Windows 10.
Mitigation process
CERTVU Encourages users and administrators to review the below and apply necessary security updates.
References
- https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-adds-four-known-exploited-vulnerabilities-catalog
- https://www.cve.org/CVERecord?id=CVE-2024-43491
- Download advisory (English): Microsoft Windows Update Remote Code Execution Vulnerability