Applies ToWindows Server 2012 Windows Server 2012 R2 Windows 10 Windows 10 Education, version 1607 Windows 10 Professional version 1607 Windows 10 Enterprise, version 1607 Windows 10 Enterprise version 1607 Windows 10 Enterprise, version 1809 Windows 10 Professional Education version 1607 Windows 10 Pro Education, version 1607 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows 10 Home and Pro, version 21H2 Windows 10 Enterprise and Education, version 21H2 Windows 10 IoT Enterprise, version 21H2 Windows 10 Home and Pro, version 22H2 Windows 10 Enterprise Multi-Session, version 22H2 Windows 10 Enterprise and Education, version 22H2 Windows 10 IoT Enterprise, version 22H2 Windows 11 Home and Pro, version 21H2 Windows 11 Enterprise Multi-Session, version 21H2 Windows 11 Enterprise and Education, version 21H2 Windows 11 IoT Enterprise, version 21H2 Windows 11 Home and Pro, version 22H2 Windows 11 Enterprise Multi-Session, version 22H2 Windows 11 Enterprise and Education, version 22H2 Windows 11 IoT Enterprise, version 22H2 Azure Local, version 22H2 Windows 11 Home and Pro, version 23H2 Windows 11 Enterprise and Education, version 23H2 Windows 11 Enterprise Multi-Session, version 23H2 Windows 11 IoT Enterprise, version 23H2

In this article

Overview

We have identified a vulnerability in the Microsoft Windows sign in screen when using a third-party (3P) Input Method Editor (IME) to sign in. This vulnerability could potentially compromise the security of your device during the sign in process. The Windows security update released on or after October 8, 2024 can help protect you from using a third-party (3P) IME when you sign in to your device. For more information about the vulnerability when using a third-party IME, see CVE-2024-43583

Conclusion

By following these recommendations of adding a Microsoft first-party (1P) IME to the sign in screen, you can help protect your device from potential vulnerabilities associated with a third-party (3P) IME during the sign in process. Ensuring that a Microsoft first-party (1P) IME is enabled will provide a more secure environment for your device. For further assistance or questions, please contact Microsoft Support.

References

Input Method Editors (IME)

​​​​​​​​​​​​​​Third-party information disclaimer

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.

We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.