Use After Free in Microsoft Windows 10 Version 1507

CVE-2024-43491

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker co…

Vulnerability class: Use-After-Free

EPSS: 0.182 (95.3rd percentile).

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-43491?
CVE-2024-43491 is a critical-severity vulnerability in Microsoft Windows 10 Version 1507, classified under Use After Free. CVSS score: 9.8/10. Published 2024-09-10.
How severe is CVE-2024-43491?
Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2024-43491 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.