CVE-2024-43491: Microsoft Windows Update Zero-Day Exploit

Overview

CVE-2024-43491 is a critical zero-day vulnerability discovered in Microsoft’s Windows Update system, which allows attackers to reverse previously applied security updates. This vulnerability, actively exploited in the wild, enables a form of “downgrade attack”, effectively nullifying security patches and exposing systems to older vulnerabilities. The flaw was first disclosed by Microsoft in September 2024, after being flagged as a critical issue with a CVSS severity score of 9.8/10, one of the highest possible ratings for a security flaw....

September 17, 2024 · 3 min · Anass