Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

August 8, 2024 at 06:45AM

Microsoft is developing security updates to tackle two vulnerabilities affecting Windows update architecture. The flaws can be exploited for downgrade attacks, allowing manipulation of system files and elevating privileges. Discovered by SafeBreach Labs researcher Alon Leviev, the vulnerabilities were presented at Black Hat USA 2024 and DEF CON 32, highlighting potential risks to Windows systems.

Key takeaways:

1. Microsoft is developing security updates to address two vulnerabilities allowing for downgrade attacks against the Windows update architecture.
2. The vulnerabilities are identified as CVE-2024-38202 and CVE-2024-21302, with respective CVSS scores of 7.3 and 6.7.
3. SafeBreach Labs researcher Alon Leviev discovered the flaws and presented them at Black Hat USA 2024 and DEF CON 32.
4. The vulnerabilities could be exploited to reintroduce past security flaws, bypass Virtualization Based Security (VBS) features, and manipulate critical OS components.
5. Leviev detailed a tool called Windows Downdate, capable of downgrading critical OS components without detection and making fully patched Windows machines vulnerable to past vulnerabilities.
