Updated on October 20 with Microsoft’s new Blue Screen of Death update warning.
Here we go again. What was described just three months ago as a “previously unknown” threat has now prompted a third warning from the US government to update PCs or stop using them. Because the threat exploits old code hidden beneath the covers of today’s Windows systems, it has quickly become apparent that “a significant percentage of Windows devices are completely exposed and at risk of being taken over by attackers.”
The latest vulnerability is CVE-2024-43573, which the US cyber agency warns is “an unspecified spoofing vulnerability that could lead to loss of confidentiality.” It has instructed all federal employees to “apply measures as instructed by the supplier or discontinue use of the product if no remedies are available” by October 29. In other words, update your PC within the next ten days, or stop using it until you can.
As always, CISA’s mandate applies only to federal personnel, but it is intended “for the benefit of the cybersecurity community and network defenders – and to help any organization better manage vulnerabilities and keep pace with threat activity.” Since this is the third such exploitation of this type of vulnerability in a few weeks, and since the first fixes clearly did not finish the job, everyone is advised to update immediately. “Don’t ignore this,” Trend Micro warns. “Test and deploy this update quickly.”
In terms of timing, the interesting twist to this October alert is the 900 million Windows 10 users who have yet to move to Windows 11. Windows 10 is now just a year away from end of life, which means end of support, and that will cut these users off from updates like this. Worse still, there are also reportedly 50 million Windows users running even older legacy versions of the operating system, meaning their machines are wide open to these threats.
The “previously unknown” threat that has now triggered an emergency update alert for the third time involves MSHTML and, as Check Point explains, a “special Windows Internet Shortcut file, which, when clicked, calls the retired Internet Explorer (IE) to visit the attacker-controlled URL… By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant benefits in exploiting the victim’s computer, although the computer is running the modern Windows 10/11 operating system.”
The first of these vulnerabilities, CVE-2024-38112, was disclosed in July and linked to infostealer attacks that Trend Micro attributed to APT group Void Banshee. Then, in September, CISA added CVE-2024-43461 to the Known Exploited Vulnerabilities (KEV) catalog, warning that the vulnerability was exploited “in conjunction with CVE-2024-38112.”
In disclosing the second of these MSHTML vulnerabilities, Trend Micro explained that “the specific flaw exists in the way Internet Explorer prompts the user after a file has been downloaded. A crafted file name can obscure the real file extension, misleading the user into believing that the file type is harmless. An attacker could exploit this vulnerability to execute code in the context of the current user.”
As for CVE-2024-43573 – the third MSHTML vulnerability in as many months and even the fourth this year, with CVE-2024-30040 disclosed in May – Trend Micro says it is “also very similar to the bug exposed in July that was patched… There is no word from Microsoft on whether it is the same group, but given that there is no confirmation here, we believe the original patch was insufficient.”
Given the risk that the original fixes for the MSHTML threat may have been “insufficient,” all Windows users should update now to apply the October Patch Tuesday updates. There are clearly multiple active threats in the wild exploiting this “previously unknown” threat, and it’s only going to get worse. That also means that if you’re already out of support, or might be in October 2025 when Windows 10 reaches end of support, you should consider your options.
Once again, updating to address serious security threats is complicated for Microsoft Windows users, and risks being hampered by headlines about bugs in the Windows update process that threaten to cause more problems than they solve.
According to reports, Microsoft has now confirmed “another bug causing blue screens of death in Windows 11 24H2.” This major annual update, which could have been a Windows 12 given its size, “has its own list of known bugs and issues,” the reports say. “Some of these issues are quite serious and cause blue screens of death… However, now we have another known bug that causes system crashes.”
There have been other issues, but this one only seems to occur on PCs with Voicemeeter installed. As XDA reports: “Voicemeeter is the culprit that forced Microsoft to impose a ‘compatibility freeze’ on Windows 11 PCs using this application. Simply put, PCs with the Voicemeeter application installed will not be updated to Windows 11, version 24H2 for the time being. Please note, this is a temporary measure.”
If you have Voicemeeter on your PC, do not force an installation in any way. Microsoft warns that “we recommend that you do not attempt to manually update to version 24H2 using the Windows 11 Installation Assistant or the media creation tool until this issue is resolved,” explaining that “after installing Windows 11, version 24H2, you may experience issues with your device when using the Voicemeeter application. While using the Voicemeeter application, your device may see a blue screen with an error message indicating a MEMORY MANAGEMENT error… To ensure your updating experience, we have applied a compatibility lock to devices that use this application. These devices will not be offered to install Windows 11, version 24H2 through the Windows Update release channel.”
“Microsoft is not to blame here,” says XDA. “Fortunately, VB-Audio Software, the company that developed the Voicemeeter app, has started working on a fix, but there is no clarity on how many days it will take for the team to resolve the driver compatibility issue.” Affected users should still make sure the latest Windows update available to them is installed so that security issues are addressed. The same goes for others who experience such update issues, including those with Asus devices.