NewApp Digest
search bot

automatic fix

Microsoft posts guidance for CVE-2024-21302 VBS flaw that downgrades modern Windows PCs
Winsage
August 16, 2024

Microsoft posts guidance for CVE-2024-21302 VBS flaw that downgrades modern Windows PCs

Microsoft released Patch Tuesday updates for Windows operating systems, including KB5041580, KB5041578, KB5041773, and KB5041782 for Windows 10, and KB5041585, KB5041592 for Windows 11 versions 23H2, 22H2, and 21H2, along with KB5041571 for the upcoming 24H2 version. The company retired the problematic WinRE updates, KB5034440 and KB5034441. A newly discovered security vulnerability, tracked as CVE-2024-21302 and CVE-2024-38202, allows attackers to downgrade systems to vulnerable states undetected. This vulnerability affects Windows 10, Windows 11, Windows Server 2016, and higher systems, enabling attackers to replace current system files with outdated versions. Microsoft is developing a security update to address this issue and has released mitigation strategies for supported Windows versions. Administrators can deploy a Microsoft-signed revocation policy to prevent loading vulnerable VBS system files. Home users are advised against manually installing the policy and should wait for an automatic fix.
Microsoft kills unfixable KB5034440/KB5034441 updates, replaces with KB5042321/KB5042320
Winsage
August 14, 2024

Microsoft kills unfixable KB5034440/KB5034441 updates, replaces with KB5042321/KB5042320

Microsoft released its monthly Patch Tuesday updates, including KB5041580, KB5041578, KB5041773, and KB5041782 for Windows 10, and KB5041585, KB5041592, and KB5041571 for Windows 11 across versions 23H2, 22H2, 21H2, and the new 24H2. The company retired the problematic KB5034441 and KB5034440 WinRE updates, which caused the "0x80070643 - ERRORINSTALLFAILURE" error due to insufficient space in recovery partitions. These updates were initially meant to address a BitLocker Secure Boot bypass vulnerability (CVE-2024-20666). Microsoft acknowledged that an automatic fix for the installation failure would not be provided, leaving manual workarounds as the solution. The retired updates have been replaced with new support documents KB5042321 and KB5042320, which clarify that the update requires 250 MB of free space in the recovery partition to install successfully. Users are advised to resize their recovery partitions if necessary.
Crowdstrike tells Australian government it is ‘close to rolling out automatic fix’ after global outage
Winsage
July 21, 2024

Crowdstrike tells Australian government it is ‘close to rolling out automatic fix’ after global outage

- Company responsible for global IT outage working on automatic fix - Outage caused by cybersecurity firm Crowdstrike updating Falcon software - 8.5 million Windows devices affected by update - Crowdstrike and Microsoft close to rolling out fix - National coordination mechanism addressing outage - Crowdstrike identified and deployed fix, not a cyberattack - Critical infrastructure and government services not impacted - No food shortages despite ongoing issues in sectors like supermarkets - Some businesses may need to wait until Monday for IT support - Financial impact on businesses yet to be determined
Search