Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

October 28, 2024 at 01:42AM A new attack method can bypass Microsoft’s Driver Signature Enforcement on up-to-date Windows systems, enabling the loading of unsigned drivers and potential OS downgrades. This technique allows attackers to deploy rootkits, compromising system security. Enabling Virtualization-Based Security with UEFI lock and Mandatory flag can mitigate these vulnerabilities. ### Meeting Takeaways … Read more

New Windows Driver Signature bypass allows kernel rootkit installs

October 26, 2024 at 08:34AM Attackers can exploit Windows Update to downgrade kernel components, bypassing security features and allowing rootkit deployment on patched systems. Researcher Alon Leviev demonstrated this vulnerability and developed a tool called Windows Downdate, highlighting the dangers of downgrade attacks that undermine the meaning of a “fully patched” system. ### Meeting Takeaways: … Read more

New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers

August 7, 2024 at 10:57AM A new Linux kernel exploitation technique named SLUBStick has been uncovered, offering the potential to escalate a limited heap vulnerability to an arbitrary memory read-and-write primitive. This method demonstrates the ability to modify kernel data and overcome existing defenses, but it relies on the existence of a heap vulnerability and … Read more