Experts have uncovered a method that lets attackers bypass Windows security features such as Driver Signature Enforcement (DSE), and thus install rootkits on fully updated systems.
A report from cybersecurity researcher Alon Leviev of SafeBreach claims the attack is possible by downgrading certain Windows kernel components.
By taking over the Windows Update process, attackers can reintroduce outdated, vulnerable software components while the system still reports itself as “fully patched” even though it isn’t. Apparently, even fully patched Windows 11 devices can be targeted this way.
Rising sophistication
The researcher claims to have reported this issue to Microsoft, but the software giant didn’t fix it, saying it didn’t cross a “security boundary” since an attacker would already need administrator access.
Leviev demonstrated the issue at the Black Hat and DEF CON 2024 events, and shared a tool, Windows Downdate, which allows creating downgrades that reopen old vulnerabilities.
He claimed to have managed to downgrade patched components on Windows 11, bring back the DSE bypass, and enable the use of unsigned drivers. As a result, he was able to install rootkits that can turn off security software, hide malicious activity, and more.
In his attack, Leviev replaced a key Windows file called ci.dll with an unpatched version. After replacing the file, the system needs a restart, which makes the change look like a normal update. Leviev also demonstrated methods to disable or bypass Virtualization-Based Security (VBS) by modifying specific settings and files, further weakening protections on the system.
Microsoft is now working on a fix to block outdated system files and prevent downgrade attacks. However, the release date is not yet set, as protecting against these issues apparently requires careful testing to prevent system disruptions.
Until then, Leviev advises organizations to monitor for downgrade attacks.
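One practical way to do that monitoring is to record a baseline of the kernel components the report names and compare against it after every boot or patch cycle. The script below is an added example written for this page; it is not code from the article, from SafeBreach, or from the Windows Downdate tool. It checks ci.dll (the file the report names) plus two further files assumed here as reasonable additions, and reads the VBS/HVCI state from the Win32_DeviceGuard class. The baseline file format and the -Record switch are assumptions made for the illustration.

```powershell
<#
  Added example, not code from the article, SafeBreach or Windows Downdate.
  Run once with -Record on a known-good, freshly patched machine, then run
  without it to flag components whose version moved backwards or whose
  VBS/HVCI protection stopped. Baseline format and switches are assumptions.
#>
param(
    [string]$BaselinePath = "$env:ProgramData\kernel-baseline.json",
    [switch]$Record
)

# ci.dll is the file named in the report; the other two are assumed additions
# a practitioner might reasonably watch alongside it.
$Watched = @(
    "$env:SystemRoot\System32\ci.dll",
    "$env:SystemRoot\System32\ntoskrnl.exe",
    "$env:SystemRoot\System32\securekernel.exe"
)

function Get-ComponentState {
    param([Parameter(Mandatory)][string]$Path)
    $vi  = (Get-Item -LiteralPath $Path -ErrorAction Stop).VersionInfo
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path      = $Path
        Version   = ('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                          $vi.FileBuildPart, $vi.FilePrivatePart)
        Sha256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # A genuine but outdated ci.dll still carries a valid Microsoft
        # signature, so signature status alone cannot detect a downgrade.
        Signature = $sig.Status.ToString()
    }
}

function Get-VbsState {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        # VirtualizationBasedSecurityStatus 2 = running;
        # SecurityServicesRunning contains 2 when HVCI (memory integrity) is on.
        VbsStatus   = [int]$dg.VirtualizationBasedSecurityStatus
        HvciRunning = [bool]($dg.SecurityServicesRunning -contains 2)
    }
}

$current = [pscustomobject]@{
    Taken      = (Get-Date).ToString('o')
    Components = @($Watched | ForEach-Object { Get-ComponentState -Path $_ })
    Vbs        = Get-VbsState
}

if ($Record) {
    $current | ConvertTo-Json -Depth 4 | Set-Content -LiteralPath $BaselinePath
    Write-Host "Baseline recorded to $BaselinePath"
    return
}

$baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
$findings = @()

foreach ($now in $current.Components) {
    $was = $baseline.Components | Where-Object Path -eq $now.Path
    if (-not $was) { $findings += "NEW       $($now.Path) not in baseline"; continue }
    if ([version]$now.Version -lt [version]$was.Version) {
        $findings += "DOWNGRADE $($now.Path): $($was.Version) -> $($now.Version)"
    } elseif ($now.Sha256 -ne $was.Sha256) {
        # Same or newer version with a different hash is normally a real update;
        # re-record the baseline once the update is confirmed legitimate.
        $findings += "CHANGED   $($now.Path): version $($now.Version), hash differs"
    }
    if ($now.Signature -ne 'Valid') {
        $findings += "UNSIGNED  $($now.Path): signature status $($now.Signature)"
    }
}

if ($baseline.Vbs.VbsStatus -eq 2 -and $current.Vbs.VbsStatus -ne 2) {
    $findings += "VBS stopped (was running at baseline)"
}
if ($baseline.Vbs.HvciRunning -and -not $current.Vbs.HvciRunning) {
    $findings += "HVCI (memory integrity) no longer running"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Host "No downgrade indicators found."
```

Because the attacker in this scenario already holds administrator rights, a baseline stored on the same machine can be edited along with ci.dll; ship the JSON (or the script's warnings) to a SIEM or other off-box store and compare there. Re-record the baseline only after an update you have verified came through the normal servicing channel.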
Via BleepingComputer