Windows Update downgrade attack “unpatches” fully-updated systems

August 7, 2024 at 04:31PM

SafeBreach security researcher Alon Leviev disclosed at Black Hat 2024 two unpatched zero-days that can be exploited in downgrade attacks on up-to-date Windows 10, 11, and Windows Server systems. Microsoft issued advisories for CVE-2024-38202 and CVE-2024-21302, providing mitigation guidance. The vulnerabilities allow for system compromise, making fully patched systems susceptible to past vulnerabilities.

Key takeaways from the article:

1. SafeBreach security researcher Alon Leviev discovered and disclosed two zero-day vulnerabilities that could be exploited in downgrade attacks to compromise fully updated Windows 10, Windows 11, and Windows Server systems.

2. The vulnerabilities (CVE-2024-38202 and CVE-2024-21302) allow threat actors to force updated devices to roll back to older software versions, reintroducing known vulnerabilities.

3. The downgrade attack is undetectable by, and cannot be blocked by, endpoint detection and response (EDR) solutions. After the downgrade, Windows Update still falsely reports that the device is fully updated.

4. Microsoft is still working on a fix for the vulnerabilities and has issued security advisories with mitigation advice until a security update is released.

5. Leviev’s findings have significant implications for the security of widely used desktop operating systems, not just Microsoft Windows.

6. Microsoft has not provided a timeline for when security updates will be available.
