Latest CVEs, KBs, Concerns and Mitigation Strategies


September 2024: Troubles with Windows 11 Update KB5043145

In September 2024, Microsoft released the optional update KB5043145 for Windows 11, targeting versions 24H2 and 23H2. Unfortunately, this update has caused significant problems for some users after installation.

Issues Reported

Many users have reported experiencing restart loops, blue or green screens, and unresponsive computers after installing the update. Additionally, the update has caused some USB or Bluetooth devices to stop working. Microsoft has confirmed that in some cases, this update can trigger the dreaded Blue Screen of Death (BSOD).

Troubleshooting Steps

If your device is stuck in a blue screen reboot loop, there are a few steps you can try to resolve the issue:

  1. Boot into Safe Mode: This can often help you bypass the problematic update. To do this, restart your computer and press the F10, F11, Enter, or Delete key (which key depends on your laptop model) to access the boot menu. From there, select Safe Mode.
  2. Windows Recovery Environment: If Safe Mode doesn't work, try booting into the Windows Recovery Environment. It is accessed in a similar way and offers more advanced troubleshooting options.
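Once the machine is up in Safe Mode (or you are at a WinRE command prompt), the following PowerShell snippet is one way to confirm that KB5043145 is really the culprit and to back the update out. It is an added example, not code from the original post or from Microsoft; it assumes an elevated session and, for the WinRE variant, that the Windows volume is mounted as C:. The KB number is the one from the post; the event IDs and DISM options are standard Windows ones.

```powershell
# Added example (not from the original post): triage a machine that was brought up
# in Safe Mode after KB5043145, then remove the cumulative package with DISM.
# Assumptions: elevated session; in the WinRE variant the Windows volume is C:.

$Kb = 'KB5043145'   # KB number from the post

# 1. Confirm the suspect update is actually installed before blaming it.
$hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
if ($hotfix) { "{0} installed on {1}" -f $hotfix.HotFixID, $hotfix.InstalledOn }
else         { "$Kb is not listed; the crashes need another explanation" }

# 2. Corroborate the symptom: bugcheck records (event 1001, source BugCheck) and
#    unexpected power-offs (event 41, Kernel-Power) from the last 7 days.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kernel-Power', 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 41, 1001
    StartTime    = (Get-Date).AddDays(-7)
} -MaxEvents 20 -ErrorAction SilentlyContinue |
  Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
  Format-Table -AutoSize

# 3. Windows 11 cumulative updates ship as a combined SSU+LCU package, which
#    wusa.exe cannot uninstall; DISM /Remove-Package is the supported route.
#    List the rollup packages and pick the one whose build matches the bad update.
dism /Online /Get-Packages /Format:Table | Select-String 'RollupFix'

# Then, with the identity read from the output above:
#   dism /Online /Remove-Package /PackageName:<Package_for_RollupFix identity> /NoRestart

# 4. If Safe Mode never comes up, do the same from WinRE against the offline image:
#   dism /Image:C:\ /Get-Packages /Format:Table | findstr RollupFix
#   dism /Image:C:\ /Remove-Package /PackageName:<identity>
```

Step 2 matters because a reboot loop has other causes (failing storage, a driver updated at the same time); if the System log shows no bugchecks and Get-HotFix does not list the KB, removing the update will not help. After removal, pause optional updates until the Known Issue Rollback has reached the device.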

Microsoft’s Response

Microsoft has acknowledged the issues and is working on a Known Issue Rollback (KIR) to address the problems caused by the KB5043145 update. This rollback allows Microsoft to quickly revert specific changes made by the update without requiring users to uninstall the entire update.

References

Windows 11 user hurt by the KB5043145 update? Microsoft offers a way out (msn.com)

Windows 11 KB5043145 update causes reboot loops, blue screens (bleepingcomputer.com)

Windows 11 KB5043145 BSODs PCs, breaks mouse, keyboard, WSL 2, WiFi (windowslatest.com)

Microsoft issues rollback for problematic KB5043145 update (The Register)

-------------------------------------------------------------------------------------------------------------

August 2024 Windows Downgrade Vulnerability (CVE-2024-21302)

In August 2024, Microsoft released a crucial update as part of Patch Tuesday to address a series of Windows Update-related vulnerabilities that had the potential to expose systems to significant risks. Among these, CVE-2024-21302 emerged as a critical flaw in the update installation process, allowing attackers to downgrade the operating system to a previous, more vulnerable version.

Downgrade attacks are particularly dangerous because they revert the operating system to an outdated state, making the system susceptible to known exploits. The attacker essentially undoes critical security patches, opening the door to older vulnerabilities that had been mitigated in newer OS versions.

Associated Vulnerabilities: CVE-2024-38202 and CVE-2024-43491

CVE-2024-38202: Exploits Windows Update to take over and downgrade the OS.

CVE-2024-43491: Exploited in the wild, allowing attackers to force a system downgrade via the update system.

Disclosure Timeline

Microsoft was informed of these vulnerabilities as early as February 2024, but details were not disclosed until August 2024, as part of the monthly Patch Tuesday rollout. The delay was likely due to the complexity of the fixes, with initial patches causing unexpected side effects, including system crashes.

Mitigating CVE-2024-21302: What Can You Do?

To mitigate the risks associated with CVE-2024-21302, Microsoft has provided the KB5042562 update. While this update aims to resolve the downgrade issue, organisations should also verify that their systems actually remain at the patched level over time and that additional security measures are in place.
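Because a downgrade attack succeeds by quietly putting older components back, applying the update once is not enough; you also want to notice if the patch level ever moves backwards. The script below is an added example, not code from the original post or from Microsoft's guidance: it records the build and installed hotfix list on a known-good machine and later flags a lower build revision or a missing expected KB. The baseline path is an assumption (any location protected by ACLs will do), and the KB list contains only the KB named in the post; add the cumulative update identifiers you actually deploy.

```powershell
# Added example; not from the original post or from Microsoft. Records the patch
# level after a known-good update run and later flags any regression, which is
# the visible signature of a downgrade. Baseline path and KB list are assumptions.

$BaselinePath = 'C:\ProgramData\PatchBaseline.json'   # assumption: any ACL-protected path
$RequiredKbs  = @('KB5042562')                          # KB from the post; add your cumulative KBs

function Get-OsBuild {
    # Full build major.minor.build.UBR from the registry values Windows maintains.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [version]('{0}.{1}.{2}.{3}' -f $cv.CurrentMajorVersionNumber,
                                  $cv.CurrentMinorVersionNumber,
                                  $cv.CurrentBuildNumber,
                                  $cv.UBR)
}

function Save-PatchBaseline {
    # Run once, right after confirming the August 2024 updates applied cleanly.
    [pscustomobject]@{
        Build    = (Get-OsBuild).ToString()
        Hotfixes = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
        Recorded = (Get-Date).ToString('o')
    } | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
}

function Test-PatchBaseline {
    # Run on a schedule; returns findings as strings so they can be forwarded to a SIEM.
    $baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
    $now      = Get-OsBuild
    $present  = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    $findings = @()

    if ($now -lt [version]$baseline.Build) {
        $findings += "Build regressed: $now is older than baseline $($baseline.Build)"
    }
    $expected = @($RequiredKbs + $baseline.Hotfixes | Select-Object -Unique)
    foreach ($kb in $expected) {
        if ($present -notcontains $kb) { $findings += "Expected update missing: $kb" }
    }
    return $findings
}

# Usage:
#   Save-PatchBaseline          # once, on a known-good system
#   $f = Test-PatchBaseline     # later, from a scheduled task
#   if ($f) { $f | ForEach-Object { Write-Warning $_ } }
```

Treat the result as one signal rather than proof: both the registry build values and Get-HotFix reflect what the machine itself records, so pair this check with an external inventory (your patch management or EDR console) that the endpoint cannot rewrite.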
