Microsoft confesses its recent security updates…broke Windows 10 security patches

An earlier patch reverted previously-installed Windows 10 security updates

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

In its latest Patch Tuesday cumulative update,Microsofthas confirmed an embarassing bug which broke oldersecurity patchesinstalled on Windows 10 devices.

The bug is tracked as CVE-2024- 43491, and affectsWindows 10version 1507 - an older version still supported for Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015. It carries an almost maximum severity score - 9.8.

It is a rather strange vulnerability, caused by the way people install older security patches. If a user installs a security update released between March and August 2024, and then applies an update released since March 12, the OS will revert the updated software back to its base Release To Manufacturing (RTM) version. That way, the OS is basically reintroducing all of the security vulnerabilities patched in the meantime.

Patch Tuesday issues

Microsoft said that the following components are affected:

.NET Framework 4.6 Advanced Services \ ASP.NET 4.6Active Directory Lightweight Directory ServicesAdministrative ToolsInternet Explorer 11Internet Information Services\World Wide Web ServicesLPD Print ServiceMicrosoft Message Queue (MSMQ) Server CoreMSMQ HTTP SupportMultiPoint ConnectorSMB 1.0/CIFS File Sharing SupportWindows Fax and ScanWindows Media PlayerWork Folders ClientXPS Viewer

Since all of the bugs were patched in the past, Microsoft is considering this newest snafu as “exploited in the wild.”

“Starting with the Windows security update released March 12, 2024 - KB5035858 (OS Build 10240.20526), the build version numbers crossed into a range that triggered a code defect in the Windows 10 (version 1507) servicing stack that handles the applicability of optional components,” Microsoft explains.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“As a result, any optional component that was serviced with updates released since March 12, 2024 (KB5035858) was detected as ‘not applicable’ by the servicing stack and was reverted to its RTM version.”

If a user installed a previous security update, the rollback is already in effect, and they should install the September 2024 Servicing Stack Update and Security Update for Windows 10 to address the issue.

ViaThe Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Is it still worth using Proton VPN Free?

Mozambique VPN usage soars as internet restrictions continue

Alien: Romulus gets a Hulu release date but there’s still no word on when it’s coming to Disney Plus