Subj : Microsoft confesses its recent security updates...broke Windows 1 To : All From : TechnologyDaily Date : Wed Sep 11 2024 17:15:05 Microsoft confesses its recent security updates...broke Windows 10 security patches Date: Wed, 11 Sep 2024 16:02:00 +0000 Description: An earlier Windows security patch reverted many updates installed in the past - and the only fix is to install more updates. FULL STORY ====================================================================== In its latest Patch Tuesday cumulative update, Microsoft has confirmed an embarassing bug which broke older security patches installed on Windows 10 devices. The bug is tracked as CVE-2024- 43491, and affects Windows 10 version 1507 - an older version still supported for Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015. It carries an almost maximum severity score - 9.8. It is a rather strange vulnerability, caused by the way people install older security patches. If a user installs a security update released between March and August 2024, and then applies an update released since March 12, the OS will revert the updated software back to its base Release To Manufacturing (RTM) version. That way, the OS is basically reintroducing all of the security vulnerabilities patched in the meantime. Patch Tuesday issues Microsoft said that the following components are affected: ..NET Framework 4.6 Advanced Services \ ASP.NET 4.6 Active Directory Lightweight Directory Services Administrative Tools Internet Explorer 11 Internet Information Services\World Wide Web Services LPD Print Service Microsoft Message Queue (MSMQ) Server Core MSMQ HTTP Support MultiPoint Connector SMB 1.0/CIFS File Sharing Support Windows Fax and Scan Windows Media Player Work Folders Client XPS Viewer Since all of the bugs were patched in the past, Microsoft is considering this newest snafu as exploited in the wild. "Starting with the Windows security update released March 12, 2024 - KB5035858 (OS Build 10240.20526), the build version numbers crossed into a range that triggered a code defect in the Windows 10 (version 1507) servicing stack that handles the applicability of optional components," Microsoft explains. "As a result, any optional component that was serviced with updates released since March 12, 2024 (KB5035858) was detected as 'not applicable' by the servicing stack and was reverted to its RTM version." If a user installed a previous security update, the rollback is already in effect, and they should install the September 2024 Servicing Stack Update and Security Update for Windows 10 to address the issue. Via The Register More from TechRadar Pro Time's up for Windows 11 21H2 and 22H2: Microsoft's final call before its next Patch Tuesday mandatory update to 23H2 Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/vpn/microsoft-confesses-its-recent-security-upda tes-broke-windows-10-security-patches --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .