"If a worker wants to do his job well, he must first sharpen his tools." - Confucius, "The Analects of Confucius. Lu Linggong"
Front page > Technology peripherals > Old is new: Windows vulnerability allows undetectable downgrade attacks

Old is new: Windows vulnerability allows undetectable downgrade attacks

Published on 2024-08-17
Browse:187

Old is new: Windows vulnerability allows undetectable downgrade attacks

At the 2024 Black Hat USA Conference, SafeBreach researcher Alon Leviev presented an attack that manipulates an action list XML file to push a “Windows Downdate” tool that bypasses all Windows verification steps and the Trusted Installer. The tool can also manipulate Windows to confirm that the system is fully updated.

The Windows Update Process was compromised before. Released in 2023, the BlackLotus UEFI Bootkit includes downgrade capabilities that utilize vulnerabilities in the Windows Update architecture. Similar to the method Leviev showcased, the BlackLotus Bootkit downgrades various system components to bypass the VBS UEFI locks. A threat actor can then use privilege escalation “zero-day” attacks on a previously up-to-date system. In a blog post on SafeBreach, Leviev stated “ I discovered multiple ways to disable Windows virtualization-based security (VBS), including its features such as Credential Guard and Hypervisor-Protected Code integrity (HVCI), even when enforced with UEFI locks. To my knowledge, this is the first time VBS’s UEFI locks have been bypassed without physical access.”

Leviev informed Microsoft of the vulnerabilities in February of this year. However, Microsoft is still developing a security update to revoke outdated and unpatched VBS systems. Microsoft also plans to release a guide to “provide customers with mitigations or relevant risk reduction guidance as they become available.” Guidance is necessary since, according to Leviev, these attacks are undetectable and invisible. To learn more or to see exploit in action, please visit the resources below.

Release Statement This article is reproduced at: https://www.notebookcheck.net/Old-is-new-Windows-vulnerability-allows-undetectable-downgrade-attacks.873020.0.html If there is any infringement, please contact [email protected] to delete it
Latest tutorial More>

Disclaimer: All resources provided are partly from the Internet. If there is any infringement of your copyright or other rights and interests, please explain the detailed reasons and provide proof of copyright or rights and interests and then send it to the email: [email protected] We will handle it for you as soon as possible.

Copyright© 2022 湘ICP备2022001581号-3