Security researchers have demonstrated a new threat for Microsoft Windows users that may make every system vulnerable. Named ‘Downgrade attacks,’ the attacks exploit two zero-day vulnerabilities to downgrade a fully patched Windows device to a vulnerable state.
Windows Downgrade Attacks Could ‘Unpatch’ Updated Systems
Researchers from SafeBreach have shared a detailed blog post highlighting Downgrade attacks against Windows systems.
As explained, downgrade attacks can ‘unpatch’ a target system, reverting it to a previous system version. Given that every recent system update brings security fixes, reverting a system to an older version revives all the patched vulnerabilities, making the system vulnerable to cyber threats.
Such attacks became possible due to the following two Windows zero-day flaws.
- CVE-2024-38202 (CVSS 7.3; high severity): A privilege escalation vulnerability affecting Windows Backup that allows VBS bypass and unpatching target systems.
- CVE-2024-21302 (CVSS 6.7; medium severity): A privilege escalation flaw affecting Windows systems supporting Virtualization Based Security (VBS). Exploiting the flaw allows reintroducing previously patched vulnerabilities, evading VBS features, and stealing data.
The researchers devised a specific Downdate tool that bypasses security features like Trusted Installer enforcement and integrity verification and targets critical operating system components, such as DLLs, drivers, and the NT kernel, to downgrade them. Such precise downgrading of components reintroduces previously patched vulnerabilities without letting the OS detect any issues. Hence, to the end user, the system would generate no alarms regarding potential vulnerabilities.
In their study, the researchers could easily compromise various OS components, eventually compromising the VBS UEFI locks without physically accessing the target system. Doing so allowed the researchers to fully downgrade the target system to a former unpatched, vulnerable state.
The researchers have shared a demo video of the attack alongside other technical details in their post. They presented their findings at the recently held Black Hat 2024.
For now, the vulnerabilities await a full patch, but Microsoft confirmed that it’s working on relevant mitigations in its security update.