There’s a scary new way to undo Windows security patches

[Pelican Press 0]

This is the hidden content, please

• Sign In
• or
• Sign Up

There’s a scary new way to undo Windows security patches

data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==

This is the hidden content, please

• Sign In
• or
• Sign Up

Security patches for Windows are essential for keeping your PC safe from developing threats. But downgrade attacks are a way of sidestepping

This is the hidden content, please

• Sign In
• or
• Sign Up

’s patches, and a security researcher set out to show just how fatal these can be.

SafeBreach security researcher Alon Leviev mentioned in a company

This is the hidden content, please

• Sign In
• or
• Sign Up

that they’d created something called the Windows Downdate tool as a proof-of concept. The tool crafts persistent and irreversible downgrades on Windows Server systems and Windows 10 and 11 components.

Leviev explains that his tool (and similar threats) performs a version-rollback *******, “designed to revert an immune, fully up-to-date software back to an older version. They allow malicious actors to expose and exploit previously fixed/patched vulnerabilities to compromise systems and gain unauthorized access.”

He also mentions that you can use the tool to expose the PC to older vulnerabilities sourced in drivers, DLLs, Secure Kernel, NT Kernel, the Hypervisor, and more. Leviev went on to

This is the hidden content, please

• Sign In
• or
• Sign Up

: “Other than custom downgrades, Windows Downdate provides easy to use usage examples of reverting patches for CVE-2021-27090, CVE-2022-34709, CVE-2023-21768 and PPLFault, as well as examples for downgrading the hypervisor, the kernel, and bypassing VBS’s UEFI locks.”

If you have not checked it out yet, Windows Downdate tool is live! You can use it to take over Windows Updates to downgrade and expose past vulnerabilities sourced in DLLs, drivers, the NT kernel, the Secure Kernel, the Hypervisor, IUM trustlets and more!

— Alon Leviev (@_0xDeku)

This is the hidden content, please

• Sign In
• or
• Sign Up

What’s also concerning is that the tool is undetectable because it can’t be blocked by endpoint detection and response (EDR) solutions, and your Windows computer will continue to tell you it’s up to date even though it’s not. He also uncovered various ways to turn off Windows virtualization-based security (VBS), including Hypervisor-Protected Code integrity (HVCI) and Credential Guard.

This is the hidden content, please

• Sign In
• or
• Sign Up

released a security update (KB5041773) on August 7 to fix the

This is the hidden content, please

• Sign In
• or
• Sign Up

Windows Secure Kernel Mode privilege escalation flaw and a patch for

This is the hidden content, please

• Sign In
• or
• Sign Up

.

This is the hidden content, please

• Sign In
• or
• Sign Up

has also released

This is the hidden content, please

• Sign In
• or
• Sign Up

Windows users can take to stay safe, such as configuring “Audit Object Access” settings to scan for file access attempts. The release of this new tool shows how exposed PCs are to all sorts of attacks and how you should never let your guard down when it comes to cybersecurity.

The good news is that we can rest easy for now since the tool was created as a proof-of-concept, an example of “white-hat hacking” to discover vulnerabilities before threat actors do. Also, Leviev handed over his findings to

This is the hidden content, please

• Sign In
• or
• Sign Up

in February 2024, and hopefully, the software giant will have the necessary fixes soon.

This is the hidden content, please

• Sign In
• or
• Sign Up

#scary #undo #Windows #security #patches

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up