Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions

[FlyingPenguin]

If you defer updates, like me, this is not one to defer. All it takes is to right-click, drag and drop or delete (yes delete!) a malicious file to trigger the exploit.

https://www.securityweek.com/windows-ze ... e-actions/

You can download just the patch for this exploit here, if you prefer not to play Russian Roulette with Windows Update:

https://msrc.microsoft.com/update-guide ... 2024-43451

[Losbot]

Crap. Thanks for the heads up!

[FlyingPenguin]

That manual download is just a bunch of cab files with no installer, so I think it requires a local update server.

I just imaged the drive last week anyway, and I'm 2 months behind on updates, so I just let it catch up.

I'm so sick of MS updates that I may go ahead and install 0patch this month and turn updates off.

[Executioner]

Hard to believe how fast time flies. 10 will be EOL in October 2025 or just about 11 months away. I'm planning to stay on 10 on my desktop. My laptop has 11.
I have Windows update always on so I get them as necessary.