
Researchers disclose Windows “downgrade” attack as Microsoft provides a mitigation method


In a nutshell: Researchers have developed a cyberattack that reverses Windows security updates to exploit previously patched vulnerabilities. Although they cannot deploy the malware remotely, users should follow standard security practices, even on fully updated operating systems. Microsoft has released a detailed guide for minimizing the risk of a downgrade attack as the company develops a more comprehensive solution.

Security researchers from SafeBreach Labs have published the code for software that can roll back Windows to reopen old security vulnerabilities. Microsoft hasn’t fully addressed the issue yet, but instituting a strict revocation policy can help protect against it until a proper fix is available.

Attackers can use the exploit, which the researchers dubbed Downdate, to revert Windows to an outdated version and then assume full control over a system using previously patched flaws. Downdate can sidestep security measures like virtualization-based security (VBS), Windows Defender, UEFI locks, and Credential Guard. Windows 10, 11, and Server versions 2019 and later are affected.

SafeBreach released the Downdate software on GitHub to facilitate further analysis of the issue. The current version can only be used by the person physically operating the PC, but hackers could theoretically integrate it into malware payloads.

Microsoft lists the threat under two CVEs – 2024-21302 and 2024-38202. It started working on a solution when SafeBreach alerted it to the vulnerability in February. However, the company said that the process is slow because Downdate affects numerous components of Windows, and a solution would require extensive testing.

In the meantime, developers have a mitigation method that can provide an extra layer of security. The Windows support site includes instructions for revoking outdated VBS system files, which causes the UEFI firmware to institute additional checks during startup. However, the procedure risks making a system unbootable if users aren’t careful. Microsoft advises users and admins not to apply it to earlier versions of Windows, and all boot devices must first install updates released after August 13, 2024. The rule also applies to external boot media and the Windows Recovery Environment.

Although Downdate affects fully updated versions of Windows, users should always remain up to date with security patches and install Microsoft’s remedy for the vulnerability when it is released. The company also suggests that users remain cautious when checking email and only install software from trusted sources.


