Security patches for Windows are essential for keeping your PC safe from evolving threats. But downgrade attacks are a way of sidestepping Microsoft's patches, and a security researcher set out to show just how dangerous they can be.
SafeBreach security researcher Alon Leviev described in a company blog post a proof-of-concept tool he built called Windows Downdate. The tool crafts persistent and irreversible downgrades of Windows 10, Windows 11 and Windows Server components.
Leviev explains that his tool (and similar threats) performs a version-rollback attack, "designed to revert an immune, fully up-to-date software back to an older version. They allow malicious actors to expose and exploit previously fixed/patched vulnerabilities to compromise systems and gain unauthorized access."
He also notes that the tool can be used to re-expose a PC to older vulnerabilities in drivers, DLLs, the Secure Kernel, the NT kernel, the hypervisor and more. Leviev went on to post the following on X (formerly Twitter): "Besides custom downgrades, Windows Downdate provides easy to use usage examples of reverting patches for CVE-2021-27090, CVE-2022-34709, CVE-2023-21768 and PPLFault, as well as examples for downgrading the hypervisor, the kernel, and bypassing VBS's UEFI locks."
If you have not checked it out yet, Windows Downdate tool is live! You can use it to take over Windows Updates to downgrade and expose past vulnerabilities sourced in DLLs, drivers, the NT kernel, the Secure Kernel, the Hypervisor, IUM trustlets and more! https://t.co/59DRIvq6PZ
— Alon Leviev (@_0xDeku) August 25, 2024
What is also concerning is that the downgrade went unnoticed: endpoint detection and response (EDR) solutions did not detect or block it, and Windows Update continued to report the machine as fully up to date even though it was not. Leviev also found several ways to turn off Windows virtualization-based security (VBS), including Hypervisor-Protected Code Integrity (HVCI) and Credential Guard.
On August 7, Microsoft published guidance (KB5041773) for CVE-2024-21302, a Windows Secure Kernel Mode elevation-of-privilege flaw, together with an advisory for CVE-2024-38202, an elevation-of-privilege flaw in the Windows Update stack. Microsoft also listed steps Windows users can take in the meantime, such as configuring "Audit Object Access" settings to log attempts to access files. The release of this tool shows how exposed PCs are to a wide range of attacks, and why you should never let your guard down when it comes to cybersecurity.
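The "Audit Object Access" advice above is only useful if the audit actually covers the components a downgrade would replace, and the article's point that Windows Update keeps reporting "up to date" means the update UI cannot be the check. The following PowerShell script is an added example (it is not Microsoft's or SafeBreach's code): it turns on file-system auditing, puts an audit entry on a set of core binaries, and keeps a version baseline so a component that has gone backwards can be flagged. The component list, the baseline location under `$env:ProgramData`, and the event lookback are assumptions chosen for illustration; adjust them for your environment.

```powershell
# Added example, not from the original article or from SafeBreach/Microsoft.
# Run from an elevated PowerShell prompt (setting a SACL needs SeSecurityPrivilege).
#Requires -RunAsAdministrator

# Assumed watch list, based on the component families the article names
# (NT kernel, Secure Kernel, hypervisor, DLLs). Extend as needed.
$components = @(
    "$env:SystemRoot\System32\ntoskrnl.exe",      # NT kernel
    "$env:SystemRoot\System32\securekernel.exe",  # Secure Kernel (VBS)
    "$env:SystemRoot\System32\hvix64.exe",        # Hyper-V hypervisor (Intel)
    "$env:SystemRoot\System32\hvax64.exe",        # Hyper-V hypervisor (AMD)
    "$env:SystemRoot\System32\ci.dll",            # Code Integrity
    "$env:SystemRoot\System32\ntdll.dll"
) | Where-Object { Test-Path $_ }

# 1. Enable the "File System" subcategory of Audit Object Access so that SACL
#    entries on files produce Security event 4663 (an object was accessed).
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add an audit ACE to each component: log writes, deletes and permission or
#    ownership changes by any principal, whether they succeed or fail.
$auditRule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    "Everyone",
    [System.Security.AccessControl.FileSystemRights]"Write, Delete, ChangePermissions, TakeOwnership",
    [System.Security.AccessControl.AuditFlags]"Success, Failure"
)
foreach ($path in $components) {
    $acl = Get-Acl -Path $path -Audit   # -Audit is required to read/write the SACL
    $acl.AddAuditRule($auditRule)
    Set-Acl -Path $path -AclObject $acl
}

# 3. Compare on-disk file versions with the last recorded baseline. A version
#    that went DOWN is the signature of a rollback, regardless of what the
#    Windows Update page says.
$baselinePath = "$env:ProgramData\component-baseline.json"   # assumed location
$snapshot = foreach ($path in $components) {
    [pscustomobject]@{
        Path    = $path
        Version = (Get-Item $path).VersionInfo.FileVersionRaw.ToString()
        Sha256  = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    }
}
if (Test-Path $baselinePath) {
    $baseline = Get-Content -Path $baselinePath -Raw | ConvertFrom-Json
    foreach ($entry in $snapshot) {
        $old = $baseline | Where-Object Path -eq $entry.Path
        if ($old -and ([version]$entry.Version -lt [version]$old.Version)) {
            Write-Warning "DOWNGRADE: $($entry.Path) $($old.Version) -> $($entry.Version)"
        }
    }
}
$snapshot | ConvertTo-Json | Set-Content -Path $baselinePath

# 4. Show recent 4663 events that touched a watched component. Legitimate
#    servicing (TrustedInstaller on Patch Tuesday) also writes these files, so
#    correlate hits with Get-HotFix / update history instead of alerting blindly.
$pattern = ($components | ForEach-Object { [regex]::Escape($_) }) -join '|'
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

Run the script once to establish the baseline, then schedule it; the first run produces no warnings because there is nothing to compare against. Because a downgrade performed through the servicing stack is carried out by legitimate system components, the audit log alone cannot tell a rollback from a patch, which is why the version comparison in step 3 is the part that actually catches the condition the article describes.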
The good news is that the tool was created as a proof-of-concept, an example of "white-hat hacking" meant to surface vulnerabilities before threat actors exploit them. Leviev also handed his findings to Microsoft in February 2024, so hopefully the software giant will have the necessary fixes soon.