KnowBe4 Security Awareness Training Blog

[WHOA] - This 'Unpatch Attack' Is A New One To Me!

Written by Stu Sjouwerman | Aug 9, 2024 7:46:44 PM

In a startling revelation at Black Hat 2024, SafeBreach security researcher Alon Leviev demonstrated a critical weakness in Windows systems, exploited by an attack dubbed "Windows Downdate."

This exploit allows threat actors to forcibly downgrade fully updated Windows 10, Windows 11, and Windows Server systems to older versions, reintroducing vulnerabilities that had previously been patched.

By exploiting zero-day vulnerabilities (CVE-2024-38202 and CVE-2024-21302), attackers can bypass security features like Credential Guard and Virtualization-Based Security, making a supposedly secure system susceptible to thousands of past exploits.

Although the issues were reported to Microsoft six months ago, no patch has been released, leaving users vulnerable. Microsoft advises following mitigation strategies until a fix is deployed.

Full article at BleepingComputer.