Updated on October 20 with Microsoft’s latest warning regarding the blue screen of death.
Once again, we face a significant security concern. What was previously identified as a “previously unknown” threat just three months ago has now led to a third advisory from the U.S. government urging users to update their PCs or discontinue use. By exploiting legacy code within modern Windows systems, it has become apparent that “a significant percentage of Windows devices are fully exposed and at risk of being compromised by attackers.”
The most recent vulnerability, identified as CVE-2024-43573, is described by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as “an unspecified spoofing vulnerability that may result in a loss of confidentiality.” Federal employees have been instructed to “apply mitigation according to vendor guidelines or cease use of the product if mitigations are not available” by October 29. In essence, users must update their PCs within the next ten days or refrain from using them until updates can be applied.
While CISA’s mandate specifically targets federal employees, it is intended to benefit the broader cybersecurity community and assist organizations in managing vulnerabilities and staying abreast of emerging threats. Given that this marks the third such emergency update within weeks, and initial fixes appear inadequate, all users are strongly encouraged to update their systems immediately. “Do not ignore this,” cautions Trend Micro. “Test and deploy this update as soon as possible.”
Compounding the urgency of this situation is the fact that there are approximately 900 million Windows 10 users yet to transition to Windows 11, which will reach end-of-life next year, effectively ceasing support and updates for those users. Furthermore, an estimated 50 million Windows users are still on even older, unsupported versions of the OS, leaving their systems vulnerable to these threats.
The “previously unknown” threat driving this emergency warning is linked to MSHTML, which, as Check Point describes, is a “special Windows Internet Shortcut file that, when clicked, invokes the retired Internet Explorer (IE) to access an attacker-controlled URL. By opening the URL in IE instead of the more secure Chrome or Edge browsers, attackers can exploit significant vulnerabilities even on modern Windows 10/11 systems.”
The first vulnerability, CVE-2024-38112, was disclosed in July and associated with infostealer attacks attributed to the APT group Void Banshee. In September, CISA added CVE-2024-43461 to its Known Exploited Vulnerabilities (KEV) catalog, noting its exploitation in conjunction with CVE-2024-38112.
Trend Micro further elaborated on the second MSHTML vulnerability, explaining that “the specific flaw lies in how Internet Explorer prompts users after a file is downloaded. A manipulated file name can obscure the true file extension, misleading users into believing the file type is benign. This vulnerability allows an attacker to execute code in the context of the current user.”
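As an added illustration of the two mechanisms described above (this is not code from the article, Check Point, Trend Micro or Microsoft), the following Python checks flag the two artefacts a defender can look for: an Internet Shortcut (.url) file whose target uses the mhtml: handler, which hands the URL to the retired IE engine, and a download name whose real extension is hidden behind blank-rendering characters. The mhtml: prefix and the U+2800 (braille blank) padding are details from the public analyses of these bugs rather than from this article; the sample shortcut and file names are constructed.

```python
import configparser
import unicodedata
from typing import Optional

# Constructed sample: a Windows Internet Shortcut file whose target is
# prefixed with the mhtml: handler, which forces the link open in IE.
SAMPLE_URL_FILE = """[InternetShortcut]
URL=mhtml:http://example.invalid/lure.html!x-usc:http://example.invalid/lure.html
ShowCommand=7
IconIndex=0
"""

# File types Windows executes directly when a user opens them.
RISKY_EXTENSIONS = {".hta", ".exe", ".js", ".vbs", ".lnk", ".scr"}


def url_file_forces_ie(text: str) -> bool:
    """Return True if a .url file's target uses the mhtml: handler (IE)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    target = parser.get("InternetShortcut", "URL", fallback="")
    return target.strip().lower().startswith("mhtml:")


def hidden_extension(filename: str) -> Optional[str]:
    """Return the real (risky) extension if blank-rendering characters hide it.

    Example pattern: 'report.pdf' + U+2800 * 26 + '.hta' shows as 'report.pdf'
    in a narrow download prompt but runs as an HTML Application.
    """
    stem, dot, ext = filename.rpartition(".")
    real_ext = "." + ext.lower()
    if not dot or real_ext not in RISKY_EXTENSIONS:
        return None
    # Count characters directly before the real extension that render blank:
    # space separators (Zs), format characters (Cf) and the braille blank.
    blanks = 0
    for ch in reversed(stem):
        if ch == "\u2800" or unicodedata.category(ch) in ("Zs", "Cf"):
            blanks += 1
        else:
            break
    # Any padding between a visible name and an executable extension is deceptive.
    return real_ext if blanks > 0 else None


if __name__ == "__main__":
    print("shortcut forces IE:", url_file_forces_ie(SAMPLE_URL_FILE))
    lure = "Books_example.pdf" + "\u2800" * 26 + ".hta"
    print("hidden extension:", hidden_extension(lure))
```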
As for CVE-2024-43573—the third MSHTML vulnerability in three months and the fourth this year, following CVE-2024-30040 disclosed in May—Trend Micro indicates it “is also very similar to the flaw patched in July.” While Microsoft has not confirmed whether the same threat actors are involved, the lack of acknowledgment raises concerns that the original patch may have been inadequate.
Given these risks and the potential insufficiency of previous fixes, all Windows users are urged to update immediately, ensuring that October’s Patch Tuesday updates are installed. Multiple active threats are currently exploiting this “previously unknown” vulnerability, and the situation is expected to worsen. Users nearing end-of-life support for Windows 10 in October 2025 should also evaluate their options.
Complicating matters for Microsoft Windows users is the emergence of reports about bugs in the update process that may create more problems than they solve.
As Neowin reports, Microsoft has confirmed “another bug causing blue screens of death in Windows 11 24H2.” This major annual update, which could have been branded Windows 12 due to its scope, is accompanied by a list of known bugs and issues. Some of these are severe, resulting in system crashes. Currently, there is a compatibility hold on PCs with the Voicemeeter application installed, which has prompted Microsoft to halt updates for these systems to Windows 11, version 24H2.
For users with Voicemeeter on their PCs, it is advised not to force the update. Microsoft cautions against manually updating to version 24H2 using the Windows 11 Installation Assistant or media creation tool until the issue is resolved. Attempting to install this update while using Voicemeeter could lead to a blue screen error indicating a MEMORY MANAGEMENT issue. To safeguard users’ update experiences, Microsoft has implemented a compatibility hold on devices running this application.
“Microsoft isn’t to blame here,” XDA notes. “Fortunately, VB-Audio Software, the developer of Voicemeeter, is working on a resolution, though the timeline for fixing the driver compatibility issue remains unclear.” Affected users should ensure that they install the latest available Windows updates to address security vulnerabilities, a recommendation that also extends to others experiencing update issues, including those with Asus devices.