Updated June 29 with details of a restart loop impacting some Windows 11 users.
Timing is everything—and that’s especially true for the millions of Microsoft Windows users with a fast-approaching July 4 deadline to update their systems.
It was just two weeks ago that we saw a patched Windows vulnerability come back to life. While Microsoft had suggested there were no known exploits for CVE-2024-26169, Symantec’s security researchers thought somewhat differently, citing “some evidence” that attackers “compiled a CVE-2024-26169 exploit prior to patching.”
And it was just last month that several U.S. government agencies—including CISA and the FBI—collaborated on a Cybersecurity Advisory warning that “Black Basta affiliates have impacted a wide range of businesses and critical infrastructure in North America, Europe, and Australia. As of May 2024, Black Basta affiliates have impacted over 500 organizations globally.”
Black Basta is a Ransomware-as-a-Service (RaaS) group that has targeted “12 out of 16 critical infrastructure sectors,” the agencies said, “including the Healthcare and Public Health (HPH) Sector.” But the group’s activities have extended well beyond the public sector, hitting the likes of Hyundai, Rheinmetall, Capita and ABB.
Timing is everything. And these stories come together—somewhat awkwardly for Microsoft—because Symantec suggested it was “the Cardinal cybercrime group (aka Storm-1811, UNC4393), which operates the Black Basta ransomware” that was likely exploiting the privilege escalation vulnerability in Microsoft’s Windows Error Reporting Service for several weeks before it was patched in March.
CISA has added CVE-2024-26169 to its Known Exploited Vulnerabilities (KEV) catalog, flagging that it is “known to be used in ransomware campaigns” and mandating that all Windows systems be updated or shut down by July 4. That mandate only applies to US federal agencies, but CISA says it “strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation.”
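For defenders tracking KEV due dates like the July 4 one above, here is a small triage script added as an example (it is not code from the article, from CISA or from Microsoft). The field names follow the shape of CISA’s public KEV JSON feed; the records themselves are constructed, and only the CVE ID, its ransomware flag and the 2024-07-04 due date are taken from the article.

```python
"""Triage a KEV-style catalog: which entries are overdue or due soon, and
which are flagged for ransomware use. Example code, not the article's."""
import json
from datetime import date, timedelta

# Constructed sample in the KEV feed's shape. Only CVE-2024-26169, its
# "Known" ransomware flag and the 2024-07-04 due date come from the
# article; the other two records are placeholders.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2024-26169", "vendorProject": "Microsoft",
         "product": "Windows", "dueDate": "2024-07-04",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dueDate": "2024-08-15",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct", "dueDate": "2024-06-20",
         "knownRansomwareCampaignUse": "Known"},
    ],
})


def parse_kev(feed_json):
    """Return the list of vulnerability records from a KEV-style JSON feed."""
    return json.loads(feed_json)["vulnerabilities"]


def triage(entries, today, horizon_days=14, vendor=None):
    """List entries already overdue or due within horizon_days of `today`
    (an ISO date string), oldest due date first, optionally limited to one
    vendorProject. Each row says whether it is overdue and ransomware-linked."""
    today_d = date.fromisoformat(today)
    cutoff = today_d + timedelta(days=horizon_days)
    rows = []
    for entry in entries:
        if vendor and entry.get("vendorProject") != vendor:
            continue
        due = date.fromisoformat(entry["dueDate"])
        if due > cutoff:
            continue  # not urgent yet
        rows.append({
            "cveID": entry["cveID"],
            "dueDate": due.isoformat(),
            "overdue": due < today_d,
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        })
    return sorted(rows, key=lambda r: r["dueDate"])


if __name__ == "__main__":
    for row in triage(parse_kev(SAMPLE_KEV_JSON), today="2024-06-29"):
        print(row)
```

Run against the real feed, the same function gives a daily list of which KEV deadlines are closest and which carry CISA’s ransomware flag.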
Black Basta has now generated significantly more than $100 million in ransomware payments, and so leaving Windows systems unpatched is a gamble no organization should take. All should follow CISA’s July 4 update mandate. While the specific issue here is less relevant to personal users, update right away if you haven’t done so.
Since this article was published, the situation for Windows 11 users has been complicated by spreading news of an unexpected restart loop impacting some users installing June’s Windows 11 KB5039302.
Microsoft has warned users that “after installing updates released June 26, 2024 (KB5039302), some devices might fail to start,” advising that “affected systems might restart repeatedly and require recovery operations in order to restore normal use.”
Don’t be alarmed by these headlines; proceed to update as usual.
KB5039302 is not a mandatory update in itself and is not a security update—as such, put those headlines aside and proceed as normal. Do not confuse this update with the security patching that resolves the Microsoft Windows Error Reporting Service vulnerability. In any case, it’s highly likely that your Windows 11 PC will be unaffected by the new issue. This restart loop impacts enterprise machines running “virtual machine tools and nested virtualization features,” Microsoft has said, which means home users are less likely to be hit. Users will still see relevant updates as available.
The issues covered by CISA’s warning were patched ahead of June’s release, and given the Black Basta angle, the urgency remains. And that means that while Microsoft may have pulled KB5039302 for some users, you should still ensure you update your PC ahead of the July 4 deadline.
The much bigger issue that does impact Windows home users is now fast approaching, albeit that deadline is still more than a year away on October 14, 2025. Just days before Symantec’s report, we saw Microsoft again urging Windows 10 users to upgrade to Windows 11. With a daunting 70% of users yet to make the switch ahead of next year’s end-of-life, that challenge is becoming ever more acute and Microsoft’s nags have started to hit PCs worldwide.
When Windows 10 goes end-of-life it also goes end-of-support. No more security updates for users unwilling to upgrade or pay a new and expensive annual fee.
And so to all those corporate and personal Windows 10 holdouts. “It’s time to upgrade your PC before end of support,” Microsoft urges. “End of support for Windows arrives on October 14, 2025. This means your desktop won’t receive technical support or security updates after that date.”
And that’s simply not a risk worth taking—certainly not with Windows.