Microsoft: Zero-day vulnerability rolled back previous patches

Microsoft has disclosed a critical ‘zero-day’ vulnerability, tracked as CVE-2024-43491, with a CVSS rating of 9.8, that affects Windows 10. This vulnerability, which requires no user interaction for exploitation, allows for remote code execution. It also rolled back fixes for older vulnerabilities in the system. While it is reported as ‘exploited’, Microsoft has found no proof of this being the case. Remediation involves installing the September 2024 servicing stack update. The US Cybersecurity and Infrastructure Security Agency subsequently added the vulnerability to its catalogue of known exploited vulnerabilities.