Oct 29 Deadline Looms: Update Your Windows PC for Protection Against Exploit

We have uncovered yet another reason to stop using Internet Explorer. A major IE exploit has been found, and the US Government has requested a patch. Called CVE-2024-43573, it affects all Windows versions 11 and below. This extraordinary range of OSs affects up to 900 million people. Not good.

If the patch is not installed, CISA, the US cyber security agency mandates that the affected machine cannot be used. The update is so important that the government recommends not using the computer otherwise. If that's not a red alert, I don't know what is. 

Update your PC immediately with this patch. The deadline for federal employees to apply the Windows update is October 29, 2024. We'll walk you through how to install the patch below. But first, let's go through the vulnerability in a little more detail.

What is the CVE-2024-43573 Vulnerability?

CISA claims the vulnerability is "an unspecified spoofing vulnerability which can lead to a loss of confidentiality." CVW-2024-43573 is a spoofing exploit found in Microsoft's MSHTML platform. MSHTML is mainly used in Internet Explorer for rendering web content. The vulnerability lets an attacker trick users into interacting with fake, but seemingly legitimate, content. If the user falls prey to this attack, they can quickly lose confidentiality, and even control of their machine.

Essentially, attackers can hide malicious URLs within shortcut links, making it easier for users to fall victim when interacting with seemingly legitimate content. Unfortunately, this is the third MSHTML exploit found in as many months. The last two forced emergency updates as well.

Who Should Get the Update?

It is vital for Windows 11 and Windows 10 users to download the patch ASAP. However, Windows 10 has end of life in 2025, so it is particularly important to download the patch by then. 

To avoid surprises, it's best to upgrade to Windows 11 quickly. Unfortunately, for many users, it's not that simple. Aside from the OS cost itself, Windows 11 requires specific hardware requirements. Thankfully, applying the Windows 10 patch will plug any immediate holes. 

For anyone still on an earlier version, you will need to update your OS first, since it is out of support. Unfortunately, an estimated 50 million users are on Windows 8 or earlier.

Steps to Apply the Latest Windows Update

The Windows update deadline is approaching, but there are steps that can be taken to meet it. Let's go over a step-by-step solution for the patch. Microsoft makes it pretty easy to check for updates.

1. Check and Verify Windows Updates: To ensure you have the latest updates installed, follow these steps:

• Click on the Start menu, then go to Settings.

• Open Update & Security.

• In the Windows Update section, click Check for updates.

• If updates are available, Windows will automatically download and install them.

• If the patch is available, it will be installed, and you may be prompted to restart your computer to complete the installation.

Most people on both Windows 10 and 11 have automated updates in place. So it is possible the update already installed when the PC wasn’t being used. To verify:

• Go back to the Update & Security section.

• Click Check for updates again. If no new updates are available, your system is already up to date.

If, for whatever reason, you cannot download the patch, there are still options. Go to the Microsoft Security Update website, search for the patch ID CVE-2024-43573. Once you find it, download and install.

The Importance of Keeping Up-To-Date

These "red alert" patches are becoming more and more common. This patch is on the heels of two previous and similar exploits. Researchers found the first exploit in July and called it CVE-2024-38112. This was actually exploited by an APT group called Void Banshee.

The next one came in September and was dubbed CVE-2024-43461. (I promise there will be no quiz on these names.) Each one of these exploits are quite like the current exploit. All of them involve exposing attack vectors on the MSHTML framework. 

With that said, these things are happening again and again. It's critical to always, always, always keep your computers up to date. Make sure automated updates are in place. Even then, periodically check updates manually to verify your PC is indeed up to spec.

Final Thoughts

The discovery of CVE-2024-43573 highlights a critical vulnerability in Microsoft’s MSHTML platform. These keep popping up, which proves how important it is to update your PC. With the Windows update deadline of October 29 fast approaching, all users must apply the security patch to protect their systems from this exploit.

This is especially important for those on Windows 10 and earlier versions. Remember, if you fail to update your machine, you could easily fall prey to hackers. They'll have no qualms about stealing your data and hijacking your system.

As mentioned, Windows 10 system support ends in 2025. If you're using Windows 10, it's recommended to upgrade to the latest version. Doing so will ensure access to critical updates and enhanced security features. 

For Windows 11, we are happy to help with this Microsoft Windows 11 End-User Training. It has critical resources to prepare for updates and harden your security environment.