
August 31, 2024

Researchers Unveil Windows Downgrade Attack Tool as Microsoft Rolls Out Mitigation Strategy


In a nutshell: Researchers have developed a cyberattack that reverses Windows security updates to exploit previously patched vulnerabilities. Although they cannot deploy the malware remotely, users should observe standard security practices, even on fully updated operating systems. Microsoft has released a detailed guide for minimizing the risk of a downgrade attack as the company develops a more comprehensive solution.

Security researchers from SafeBreach Labs have published the code for software that can roll back Windows to reopen old security vulnerabilities. Microsoft hasn’t fully addressed the issue yet, but instituting a strict revocation policy can help defend against it until a proper fix is available.

Attackers can use the exploit, which the researchers dubbed Downdate, to revert Windows to an outdated version and then assume complete control over a system using previously patched flaws. Downdate can sidestep security measures like virtualization-based security (VBS), Windows Defender, UEFI locks, and Credential Guard. Windows 10, 11, and Server versions 2019 and later are affected.

SafeBreach released the Downdate software on GitHub to facilitate further research of the issue. The current version can only be used by the person physically operating the PC, but hackers could theoretically integrate it into malware payloads.

Microsoft tracks the issue under two CVE identifiers, CVE-2024-21302 and CVE-2024-38202. The company began developing a fix after SafeBreach reported the issue in February. Crafting a solution is complex because Downdate affects many components of Windows, and any fix requires thorough testing before deployment.

The interim mitigation is a technique outlined on the Windows support website, which suggests revoking outdated VBS system files. This action forces the UEFI firmware to perform additional checks at startup. However, the mitigation carries a risk of rendering the system unbootable, especially if not handled correctly. Microsoft recommends against using this method on older Windows versions and urges that all boot devices and external media carry updates released after August 13, 2024, with the same applied in the Windows Recovery Environment.

While Downdate can impact even the most current Windows installations, maintaining regular updates and applying Microsoft-issued fixes upon availability is crucial for user security. Microsoft further advises users to exercise caution with emails and to download software solely from reputable sources.

