Security researcher releases Windows Downdate tool to silently downgrade security patches



At Black Hat 2024, SafeBreach researcher Alon Leviev demonstrated a tool that could silently undo security patches installed on computers running Windows 10, Windows 11, and Windows Server. Through such a downgrade attack, threat actors could reintroduce old security vulnerabilities. Several months later, Leviev has released it as an open-source Python-based program and a pre-compiled Windows executable.

Using the tool, dubbed Windows Downdate, it’s possible to circumvent parts of Windows Update to make custom downgrade packages. These then expose past security vulnerabilities and allow users to compromise those systems as if they’d never been patched in the first place. 

Leviev’s tool exploits the CVE-2024-21302 and CVE-2024-38202 vulnerabilities. Its use is undetectable because endpoint detection and response (EDR) solutions cannot block it. Furthermore, Windows Update continues to report that the targeted system is up-to-date, even though it’s actually been downgraded.

Along with the tool itself, Leviev provided several examples of its use. In these examples, users can downgrade the Hyper-V hypervisor to a two-year-old version. The examples also explain how to revert the Windows Kernel, the NTFS driver, and the Filter Manager driver to their original versions. Instructions also walk through downgrading other Windows components and previously applied security patches.

The security researcher also encouraged others to use the tool for “further research and to find additional vulnerabilities.”

Microsoft released a security update on August 7 to address the CVE-2024-21302 Windows Secure Kernel Mode privilege escalation flaw. However, there is not yet a patch for CVE-2024-38202, a Windows Update Stack elevation of privilege vulnerability.

Until Microsoft releases a security update for CVE-2024-38202, the company says users should follow recommendations outlined in its security advisory to safeguard against Windows Downdate downgrade attacks.

These recommendations include configuring “Audit Object Access” settings to monitor file access attempts, restricting update and restore operations, utilizing Access Control Lists to limit file access, and doing regular audits to identify attempts to exploit the vulnerability.
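The auditing recommendation above could be set up along the following lines. This is an added example, not taken from the article or from Microsoft's guidance: `$MonitoredPath` is a placeholder for a directory named in the advisory, and the audited rights and the 24-hour lookback are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. $MonitoredPath is a placeholder: supply a directory that the
# vendor advisory tells you to watch. Nothing here comes from the article itself.
param(
    [Parameter(Mandatory)][string]$MonitoredPath,
    [int]$LookbackHours = 24          # assumed review window
)

# 1. Enable the "File System" subcategory of Object Access auditing.
#    (The subcategory name is the English one; localized systems differ.)
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add an audit (SACL) entry so that modification attempts by any account
#    are written to the Security log. S-1-1-0 is the well-known Everyone SID.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$rights   = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule     = New-Object System.Security.AccessControl.FileSystemAuditRule(
                $everyone, $rights, $inherit,
                [System.Security.AccessControl.PropagationFlags]::None,
                [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl = Get-Acl -Path $MonitoredPath -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $MonitoredPath -AclObject $acl

# 3. Regular audit: list event 4663 ("An attempt was made to access an object")
#    records for objects under the monitored path.
$since = (Get-Date).AddHours(-$LookbackHours)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    ForEach-Object {
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }
        # Interpolate so a missing ObjectName becomes an empty string, not $null.
        $object = "$($fields['ObjectName'])"
        if ($object.StartsWith($MonitoredPath, [System.StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = $fields['SubjectUserName']
                Process    = $fields['ProcessName']
                Object     = $object
                AccessMask = $fields['AccessMask']
            }
        }
    }
```

Forwarding the resulting 4663 events to a central log store keeps the record available even if the local system is later tampered with.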



