Researchers Demonstrate Windows Downgrade Attacks
Security researchers have demonstrated a new threat to Microsoft Windows users that may make every system vulnerable. Named ‘Downgrade attacks,’ the technique exploits two zero-day vulnerabilities to revert a fully patched Windows device to a vulnerable state.
Windows Downgrade Attacks May ‘Unpatch’ Updated Systems
Researchers from SafeBreach have shared a detailed blog post highlighting Downgrade attacks against Windows systems.
As explained, downgrade attacks can ‘unpatch’ a target system, reverting it to a previous system version. Given that every recent system update brings security fixes, reverting a system to an older version revives all the patched vulnerabilities, making the system vulnerable to cyber threats.
Such attacks became possible due to the following two Windows zero-day flaws.
- CVE-2024-38202 (CVSS 7.3; high severity): A privilege escalation vulnerability affecting Windows Backup that allows VBS bypass and unpatching target systems.
- CVE-2024-21302 (CVSS 6.7; medium severity): A privilege escalation flaw affecting Windows systems supporting Virtualization Based Security (VBS). Exploiting the flaw allows reintroducing previously patched vulnerabilities, evading VBS features, and stealing data.
The researchers devised a dedicated Downdate tool that bypasses security features such as Trusted Installer enforcement and integrity verification, and targets critical operating system components, such as DLLs, drivers, and the NT kernel, to downgrade them. Downgrading components this precisely reintroduces previously patched vulnerabilities without the OS detecting any issue. Hence, the end user sees no alarms regarding potential vulnerabilities.
In their study, the researchers could easily compromise various OS components, ultimately compromising the VBS UEFI locks without physically accessing the target system. Doing so allowed the researchers to fully downgrade the target system to a former unpatched vulnerable state.
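A defender-side illustration of the point above, added here and not taken from the article or from SafeBreach: since a component downgrade raises no alarm on the host, one check is to compare the file versions of critical components against a snapshot kept off the machine and flag any that move backwards. The file paths, version numbers and function names are constructed for the example, and it assumes the version inventory is collected by a separate, trusted process.

```python
# Added example (not from the article). Paths and versions are constructed.

def parse_version(text):
    """'10.0.22621.3880' -> (10, 0, 22621, 3880) so fields compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def find_downgrades(baseline, current):
    """Compare two {path: version} snapshots of the same host.

    Returns (path, old, new, status) for every baseline file that is now
    missing or reports a lower version than it did at baseline time.
    """
    findings = []
    for path, old in sorted(baseline.items()):
        new = current.get(path)
        if new is None:
            findings.append((path, old, None, "missing"))
        elif parse_version(new) < parse_version(old):
            findings.append((path, old, new, "downgraded"))
    return findings


SYS32 = "c:\\windows\\system32\\"
# Constructed snapshot taken after the last patch cycle.
BASELINE = {
    SYS32 + "ntoskrnl.exe": "10.0.22621.3880",
    SYS32 + "ci.dll": "10.0.22621.3880",
    SYS32 + "drivers\\afd.sys": "10.0.22621.3672",
    SYS32 + "securekernel.exe": "10.0.22621.3880",
}
# Constructed later snapshot: one file upgraded, one rolled back, one gone.
CURRENT = {
    SYS32 + "ntoskrnl.exe": "10.0.22621.3880",
    SYS32 + "ci.dll": "10.0.22621.4000",
    # Plain string comparison would rank ".999" above ".3672" and miss this.
    SYS32 + "drivers\\afd.sys": "10.0.22621.999",
}

if __name__ == "__main__":
    for path, old, new, status in find_downgrades(BASELINE, CURRENT):
        print(f"{status:10} {path}  {old} -> {new}")
```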
The researchers have shared a demo video of the attack alongside other technical details in their post. They presented their findings at the recently held Black Hat 2024.
For now, the vulnerabilities await a full patch, but Microsoft confirmed that it is working on relevant mitigations in its security update.