In a nutshell: Researchers have developed a cyberattack that reverses Windows security updates to expose previously patched vulnerabilities. Although the attack cannot be deployed remotely, users should observe standard security practices, even on fully updated operating systems. Microsoft has released a detailed guide for minimizing the risk of a downgrade attack while the company develops a more comprehensive solution.
Security researchers from SafeBreach labs have published the code for software that can roll back Windows to reopen old security vulnerabilities. This exploit, dubbed Downdate, can sidestep security measures like virtualization-based security (VBS), Windows Defender, UEFI locks, and Credential Guard. Windows 10, 11, and Server versions 2019 and later are affected.
Microsoft tracks the threat under two CVEs – CVE-2024-21302 and CVE-2024-38202. While a fix is being developed, users can take steps to minimize the risk. Microsoft advises users and admins to revoke outdated VBS system files, which causes the UEFI firmware to perform additional checks during startup. However, this procedure risks making a system unbootable if it is not carried out carefully.
SafeBreach released the Downdate software on GitHub to facilitate further research into the issue. In the meantime, users should keep up to date with security patches and install Microsoft's remedy for the vulnerability when it is released. Users should also remain cautious when checking email and only install software from trusted sources.
Microsoft has started working on a solution and will provide an update when available. Until then, users can follow the guidelines provided by Microsoft to minimize the risk of a downgrade attack.
A recent revelation by security researchers at SafeBreach labs has brought to light a cyberattack that can reverse Windows security updates, exposing previously patched vulnerabilities. Even though the malware cannot be deployed remotely, users should be cautious and adhere to standard security practices.
The code, dubbed Downdate, has been published on GitHub, and it can roll back Windows to an outdated version, making it susceptible to previously patched flaws. The exploit can sidestep security measures, including virtualization-based security (VBS), Windows Defender, UEFI locks, and Credential Guard. The vulnerability affects Windows 10, 11, and Server versions 2019 and later.
Microsoft has released a detailed guide for minimizing the risk of a downgrade attack. To avoid this threat, users should keep up to date with security patches. Microsoft also advises users to be cautious when checking email and to install software only from trusted sources. A fix for the vulnerability is currently being developed; until then, the mitigation method Microsoft describes can provide an extra layer of security.