Updated on October 21 with details of a new Windows 11 upgrade workaround for older PCs, and the latest on Microsoft’s new blue screen of death update warnings. The article was originally published on October 19.
Here we go again. What was described as a “previously unknown” threat just three months ago has now prompted a third warning from the US government to update or stop using PCs. Because the attacks exploit old code buried under the covers of today’s Windows systems, it has quickly become clear that “a significant percentage of Windows devices are fully exposed and at risk of being taken over by attackers.”
The latest vulnerability is CVE-2024-43573, which the US cyber agency warns is “an unspecified spoofing vulnerability which can lead to a loss of confidentiality.” It has mandated all federal employees to “apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable” by October 29. In other words, update your PC within the next ten days, or stop using it until you can.
As ever, while CISA’s mandate applies only to federal staff, it’s intended “for the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity.” Given this is the third such exploitation of this type of vulnerability in a few weeks, and that the initial fixes clearly didn’t complete the job, all are well advised to update right away. “Don’t ignore this,” Trend Micro warns. “Test and deploy this update quickly.”
Timing-wise, the interesting twist with this October warning is the 900 million Windows 10 users yet to move to Windows 11. Windows 10 is now just a year away from end-of-life, meaning end of support, which will cut those users off from updates such as this. Worse, there are also a reported 50 million Windows users on even older legacy versions of the OS, which means their machines are wide open to these threats.
The “previously unknown” threat that has now driven its third emergency update warning relates to MSHTML, which—as Check Point explains—is a “special Windows Internet Shortcut file, which, when clicked, calls the retired Internet Explorer (IE) to visit the attacker-controlled URL… By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim’s computer, although the computer is running the modern Windows 10/11 operating system.”
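A defender-side triage check for the Internet Shortcut files described above, as an added example that is not from the article, Check Point or Microsoft: it parses a `.url` file and flags targets outside a web-scheme allowlist and file names that look like documents. The allowlist, the extension list, the function names and the sample files are assumptions made for illustration.

```python
import configparser
from pathlib import PurePath

# Assumption (not from the article): local policy allows only web schemes in shortcuts.
ALLOWED_SCHEMES = {"http", "https"}
# Assumption: document-like extensions worth flagging when they precede ".url".
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".htm", ".html"}

def triage_shortcut(name, text):
    """Return a list of findings for one Internet Shortcut (.url) file."""
    parser = configparser.RawConfigParser(delimiters=("=",), strict=False)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"unparseable: {type(exc).__name__}"]
    # Windows reads section and key names case-insensitively, so match that.
    section = next((s for s in parser.sections() if s.lower() == "internetshortcut"), None)
    if section is None:
        return ["no [InternetShortcut] section"]
    findings = []
    url = parser.get(section, "url", fallback="").strip()
    # Take the scheme by hand so a malformed URL cannot raise during triage.
    scheme = url.partition(":")[0].lower() if ":" in url else ""
    if not url:
        findings.append("no URL value")
    elif scheme not in ALLOWED_SCHEMES:
        findings.append(f"non-web scheme: {scheme or '(none)'}")
    # Explorer hides the .url extension, so "x.pdf.url" is displayed as "x.pdf".
    path = PurePath(name)
    if path.suffix.lower() == ".url" and PurePath(path.stem).suffix.lower() in DOC_EXTS:
        findings.append("document-like name hides .url extension")
    return findings

# Constructed sample files (name -> contents); none come from a real incident.
SAMPLES = {
    "Vendor portal.url": "[InternetShortcut]\nURL=https://portal.example.test/login\n",
    "Invoice.pdf.url": "[internetshortcut]\nurl=file://files.example.test/share/page.html\nIconIndex=0\n",
    "notes.url": "URL=https://example.test/\n",  # key with no section header
}

def scan(samples):
    """Map each file name to its findings, keeping only files with at least one."""
    results = {n: triage_shortcut(n, t) for n, t in samples.items()}
    return {n: f for n, f in results.items() if f}

if __name__ == "__main__":
    for fname, found in scan(SAMPLES).items():
        print(fname, "->", "; ".join(found))
```

A flagged file is a prompt for review, not a verdict; installing the update the article describes remains the fix.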
More from TechRadar Pro
A major Chinese botnet called Quad7 is being utilized to mount password spray attacks against organizations in the west, Microsoft experts have warned.
In a new report, the company’s researchers say the group, called Storm-0940, then use the passwords to establish persistence, steal even more credentials, and ultimately engage in more disruptive cyberattacks.