Windows Security Flaw Lets Hackers Reverse Security Patches
Microsoft issued an urgent alert on Tuesday about a critical vulnerability in Windows Update, warning that hackers are exploiting this flaw to reverse security patches on specific versions of the operating system.
The vulnerability, identified as CVE-2024-43491, carries a severity score of 9.8 out of 10 on the CVSS scale, making it a critical threat. Microsoft confirmed that this flaw is already being used in real-world attacks.
Microsoft has not shared detailed information about the exploits, such as indicators of compromise (IOCs) or tools to help security teams detect breaches, but it did mention that the vulnerability was reported anonymously.
The company hinted that the flaw might be similar to the ‘Windows Downdate’ issue discussed at this year’s Black Hat cybersecurity conference.
To protect against the vulnerability, Microsoft recommends a two-step update process: first, install the Servicing Stack Update (SSU KB5043936), then apply the September 2024 Windows security update (KB5043083). Following this specific order is crucial for proper protection.
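One way to check a machine against the two-step order described above, as an added PowerShell example that is not Microsoft's own tooling. The function name `Get-UpdateOrderStatus` and the sample records are constructed for illustration; only the two KB numbers come from the article.

```powershell
# Added example (not from Microsoft): report whether the two updates named in
# the article are present and whether the recorded dates match the stated order.
$SsuId = 'KB5043936'   # Servicing Stack Update, to be installed first
$LcuId = 'KB5043083'   # September 2024 Windows security update, installed second

function Get-UpdateOrderStatus {
    param(
        [object[]]$HotFixes,          # records with HotFixID and InstalledOn
        [string]$Ssu = $SsuId,
        [string]$Lcu = $LcuId
    )
    $ssuRec = $HotFixes | Where-Object { $_.HotFixID -eq $Ssu } | Select-Object -First 1
    $lcuRec = $HotFixes | Where-Object { $_.HotFixID -eq $Lcu } | Select-Object -First 1

    if (-not $ssuRec -and -not $lcuRec) { return "Neither found: install $Ssu, then $Lcu" }
    if (-not $ssuRec) { return "$Lcu found without $Ssu: recommended order not followed" }
    if (-not $lcuRec) { return "$Ssu found: $Lcu still to be installed" }

    # InstalledOn may be empty and carries a date only, so same-day installs
    # cannot be ordered from this data.
    if (-not $ssuRec.InstalledOn -or -not $lcuRec.InstalledOn) {
        return 'Both found: install dates unavailable, order not verifiable'
    }
    $ssuDate = ([datetime]$ssuRec.InstalledOn).Date
    $lcuDate = ([datetime]$lcuRec.InstalledOn).Date
    if ($ssuDate -lt $lcuDate) { return "Both found: $Ssu recorded before $Lcu" }
    if ($ssuDate -eq $lcuDate) { return 'Both found on the same day: order not determinable from dates' }
    return "Both found, but $Lcu is recorded before ${Ssu}: recommended order not followed"
}

# Constructed sample records: the security update is dated before the SSU.
$sample = @(
    [pscustomobject]@{ HotFixID = 'KB5043936'; InstalledOn = [datetime]'2024-09-11' },
    [pscustomobject]@{ HotFixID = 'KB5043083'; InstalledOn = [datetime]'2024-09-10' }
)
Get-UpdateOrderStatus -HotFixes $sample

# Live check on the local machine.
Get-UpdateOrderStatus -HotFixes @(Get-HotFix)
```

`Get-HotFix` reads the Win32_QuickFixEngineering class, so a "not found" result is worth confirming against the machine's update history before acting on it.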
In addition to this flaw, Microsoft identified three more zero-day vulnerabilities currently under attack:
- CVE-2024-38226: A security feature bypass in Microsoft Office Publisher
- CVE-2024-38217: A security feature bypass in Windows Mark of the Web
- CVE-2024-38014: An elevation of privilege vulnerability in Windows Installer
These new threats highlight a growing cybersecurity concern targeting the Windows ecosystem, adding to a total of 21 zero-day vulnerabilities that Microsoft has confirmed attackers have exploited this year.