CVE-2024-43491

2024-09-1017:15:36

CWE-416

microsoft

web.nvd.nist.gov

In Wild

microsoft

vulnerability

servicing stack

windows 10

version 1507

security update

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.023

Percentile

90.0%

JSON

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024—KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability.
This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order.
Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.

Affected configurations

Nvd

Vulners

Node

microsoftwindows_10_1507Range<10.0.10240.20766x64

microsoftwindows_10_1507Range≤10.0.10240.20766x86

VendorProductVersionCPE
microsoftwindows_10_1507*cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
microsoftwindows_10_1507*cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*

Vendor	Product	Version	CPE
microsoft	windows_10_1507	*	cpe:2.3:o:microsoft:windows_10_1507:::::::x64:*
microsoft	windows_10_1507	*	cpe:2.3:o:microsoft:windows_10_1507:::::::x86:*

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Windows 10 Version 1507",
    "cpes": [
      "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20766:*:*:*:*:*:x86:*",
      "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20766:*:*:*:*:*:x64:*"
    ],
    "platforms": [
      "32-bit Systems",
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "10.0.0",
        "lessThan": "10.0.10240.20766",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]