Updated June 29 with details on the reboot loop affecting some Windows 11 users.
Timing is of the essence—especially so as millions of Microsoft Windows users rush to update their PCs before the Fourth of July.
Just two weeks ago, we saw a related Windows vulnerability resurface. While Microsoft did not offer any known exploits for CVE-2024-26169, security researchers at Symantec thought a little differently: There was “certain evidence” that attackers “compiled the CVE-2024-26169 exploit prior to installation”.
Just last month, several US government agencies, including CISA and the FBI, jointly issued a cybersecurity alert warning that “Black Basta affiliates have affected numerous companies and critical infrastructure in North America, Europe and Australia.” Dough affiliates have infected more than 500 companies worldwide.
Black Basta is a ransomware-as-a-service (RaaS) group targeting “12 out of 16 critical infrastructure sectors,” “including healthcare and public health (HPH”), authorities said. However, the group’s activities extend beyond the public sector and include companies such as Hyundai, Rheinmetall, Capita and ABB.
Timing is everything. For Microsoft, the stories are converging as Symantec suggested “Cardinal Cybercrime Group (aka Storm-1811, UNC4393) running the Black Basta ransomware” in the weeks before the March patch.
CISA added CVE-2024-26169 to the Known Exploit Vulnerability (KEV) catalog, designated it as “known for use in ransomware campaigns,” and made it available to all Windows systems on July 4th. Update or completion date required.
This obligation only applies to: CISA, a U.S. federal agency, “requires all organizations to reduce exposure to cyberattacks by prioritizing timely remediation.”
With Black Basta ransomware payouts now over $100 million, it’s a gamble that companies must take without patching Windows systems. All must comply with CISA’s July 4 update guidelines. The specific issue here is less relevant to individual users. However, if you haven’t updated yet, please do so now.
Since this article was published, the situation has become more complicated for Windows 11 users as news has surfaced that some users who have installed Windows 11 June KB5039302 are experiencing unexpected reboot loops.
Microsoft warns users that “some devices may not boot after installing the update (KB5039302) released on June 26, 2024,” adding that “affected systems may require repeated recovery operations to reboot and restore normal operation.”
Don’t let these headlines surprise you and keep updating as usual.
KB5039302 itself is not a required update or security update. So leave these headings aside and continue as usual. This update should not be confused with a security patch that addresses a vulnerability in the Microsoft Windows Error Reporting Service. Either way, your Windows 11 PC is probably not affected by the new issue. The reboot loop affects corporate machines running “virtual machine tools and nested virtualization features,” so home users likely won’t be affected, Microsoft said. Users will continue to see relevant updates when available.
The issues addressed in the CISA notice were addressed prior to its release in June and remain urgent, according to Black Basta. That means even if Microsoft removes KB5039302 for some users, you still need to update your PC before the July 4th deadline.
A larger issue is looming that will affect Windows home users, but the deadline is still more than a year away from October 14, 2025. A few days before Symantec’s report, Microsoft again urged Windows 10 users to upgrade to Windows 11 to update. With 70 percent of users yet to switch by the end of support next year, the challenge will only grow as Microsoft begins its sustained assault on PCs worldwide.
Bhupendra Singh Chundawat is a seasoned technology journalist with over 22 years of experience in the media industry. He specializes in covering the global technology landscape, with a deep focus on manufacturing trends and the geopolitical impact on tech companies. Currently serving as the Editor at Udaipur Kiran, his insights are shaped by decades of hands-on reporting and editorial leadership in the fast-evolving world of technology.
