CVE-2024-43491 - Microsoft Windows Update Use-After-Free Vulnerability
Project:Microsoft
Product:Windows
Date Added:2024-09-10Due Date:2024-10-01
Vulnerability Name
Microsoft Windows Update Use-After-Free Vulnerability
Description
Microsoft Windows Update contains a use-after-free vulnerability that allows for remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491
https://nvd.nist.gov/vuln/detail/CVE-2024-43491
Related News Articles
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flawsOctober 9, 2024
Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows FlawsSeptember 11, 2024
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixesSeptember 11, 2024
Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flawsSeptember 11, 2024
