
Security patches for Windows are essential for keeping your PC safe from emerging threats. But downgrade attacks are a way of sidestepping Microsoft's patches, and a security researcher has set out to show just how damaging they can be.

SafeBreach security researcher Alon Leviev explained in a company blog post that he had created a tool called Windows Downdate as a proof of concept. The tool crafts persistent and irreversible downgrades on Windows Server systems and on Windows 10 and 11 components.


Leviev explains that his tool (and similar threats) performs a version-rollback attack, "designed to revert an immune, fully up-to-date software back to an older version. They allow malicious actors to expose and exploit previously fixed/patched vulnerabilities to compromise systems and gain unauthorized access."

He also notes that the tool can be used to expose a PC to older vulnerabilities in drivers, DLLs, the Secure Kernel, the NT Kernel, the Hypervisor, and more. Leviev went on to post the following on X (formerly Twitter): "Other than custom downgrades, Windows Downdate provides easy-to-use usage examples of reverting patches for CVE-2021-27090, CVE-2022-34709, CVE-2023-21768 and PPLFault, as well as examples for downgrading the hypervisor, the kernel, and bypassing VBS's UEFI locks."

"If you haven't checked it out yet, the Windows Downdate tool is live! You can use it to take over Windows Updates to downgrade and expose past vulnerabilities sourced in DLLs, drivers, the NT kernel, the Secure Kernel, the Hypervisor, IUM trustlets and more! https://t.co/59DRIvq6PZ"

Alon Leviev (@_0xDeku), August 25, 2024

What's also concerning is that the tool is undetectable: it can't be blocked by endpoint detection and response (EDR) solutions, and your Windows computer will continue to tell you it's up to date even though it's not. He also uncovered various ways to turn off Windows virtualization-based security (VBS), including Hypervisor-Protected Code Integrity (HVCI) and Credential Guard.

Microsoft released a security update (KB5041773) on August 7 to fix the CVE-2024-21302 Windows Secure Kernel Mode elevation-of-privilege flaw, along with a patch for CVE-2024-38202. Microsoft has also published some tips Windows users can follow to stay safe, such as configuring the "Audit Object Access" settings to monitor file access attempts. The release of this new tool shows how exposed PCs are to all sorts of attacks and why you should never let your guard down when it comes to cybersecurity.
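As an added example of the defensive checks the two paragraphs above point to (this is not SafeBreach's tool or Microsoft's own script), the PowerShell below records the on-disk versions of the downgrade-sensitive binaries the article names, checks whether VBS, HVCI and Credential Guard are actually running rather than merely configured, and enables the file-system "Object Access" auditing Microsoft recommends. It assumes an elevated prompt on Windows 10/11 or Windows Server; the file list and the idea of comparing against your own known-good baseline are the editor's choices.

```powershell
# Added example: host audit for signs of a version-rollback (downgrade) attack.
# Assumptions: elevated session; Win32_DeviceGuard CIM class and auditpol.exe are present.
$ErrorActionPreference = 'Stop'

# 1. Record the build and cumulative-update revision (UBR) that Windows *claims* to have.
#    In a downgrade scenario Windows Update may still say "up to date", so treat this
#    only as a label for the baseline, not as proof of patch level.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
"OS reports build {0}.{1} (display version {2})" -f $cv.CurrentBuild, $cv.UBR, $cv.DisplayVersion

# 2. List on-disk versions of the components the article names as downgrade targets.
#    Compare these against the versions shipped with the cumulative update you believe
#    is installed (your baseline); an older file version on a "fully patched" host is
#    the signal to investigate. hvix64 (Intel) / hvax64 (AMD) are the hypervisor images.
$targets = @('ntoskrnl.exe', 'securekernel.exe', 'hvix64.exe', 'hvax64.exe', 'ntdll.dll', 'ci.dll')
$versions = foreach ($name in $targets) {
    $path = Join-Path $env:SystemRoot "System32\$name"
    if (Test-Path $path) {
        $vi = (Get-Item $path).VersionInfo
        [pscustomobject]@{ File = $name; FileVersion = $vi.FileVersion; Modified = (Get-Item $path).LastWriteTimeUtc }
    }
}
$versions | Format-Table -AutoSize

# 3. Verify that VBS, HVCI and Credential Guard are running, not just configured.
#    Win32_DeviceGuard: VirtualizationBasedSecurityStatus 2 = running;
#    SecurityServicesRunning contains 1 = Credential Guard, 2 = HVCI.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$vbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)
$hvciOn     = ($dg.SecurityServicesRunning -contains 2)
$credGuard  = ($dg.SecurityServicesRunning -contains 1)
"VBS running: $vbsRunning  HVCI running: $hvciOn  Credential Guard running: $credGuard"
if (-not ($vbsRunning -and $hvciOn)) {
    Write-Warning 'VBS/HVCI are not running on this host; confirm this is expected before trusting it.'
}

# 4. Turn on the "Object Access" auditing Microsoft points to. Note that the policy alone
#    only enables the event channel: Security-log events (4663) are written only for files
#    and folders that carry an audit SACL, so add one to the system/component directories
#    you want to watch (for example via the ACL editor or Set-Acl).
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null
auditpol /get /subcategory:"File System"
```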

The good news is that we can rest easy for now, since the tool was created as a proof of concept, an example of "white-hat hacking" to discover vulnerabilities before threat actors do. Also, Leviev handed his findings over to Microsoft in February 2024, and hopefully the software giant will have the necessary fixes soon.