SafeBreach safety researcher Alon Leviev has launched his Home windows Downdate device, which can be utilized to mitigate threats that re-introduce vulnerabilities to the newest Home windows 10, Home windows 11, and Home windows Server working techniques. In such assaults, attackers drive the newest gadgets to revert to older variations of device, thus introducing safety vulnerabilities that may be exploited to compromise the device. Home windows Downdate is to be had as an open supply and pre-built Python program for Home windows that may assist downgrade Home windows 10, Home windows 11, and Home windows Server device elements. Leviev additionally shared a number of examples of use that permit downloading the Hyper-V hypervisor (to the two-year-old model), the Home windows Kernel, the NTFS driving force, and the Clear out Supervisor driving force (to their authentic variations), and different Home windows elements and safety gear that have been used previously. “You’ll be able to use it to obtain Home windows Updates to mitigate and disclose outdated vulnerabilities present in DLLs, drivers, NT kernel, Protected Kernel, Hypervisor, IUM trustlets and extra,” SafeBreach safety researcher Alon Leviev defined. “Along with conventional downgrades, Home windows Downdate supplies easy-to-use examples for patching CVE-2021-27090, CVE-2022-34709, CVE-2023-21768 and PPLFault, in addition to examples for downgrading the hypervisor, kernel, and bypassing UEFI locks for VBS.”
As Leviev stated at Black Hat 2024 when he disclosed the Home windows Downdate vulnerability—which exploits the CVE-2024-21302 and CVE-2024-38202 vulnerabilities—using this device isn’t recognized as it can’t fail detection and reaction (EDR) responses and Home windows Updates it assists in keeping announcing that the device beneath evaluation is up-to-the-minute (although it’s being downloaded). “I discovered a number of tactics to disable Home windows virtualization-based safety (VBS), together with options similar to Credential Guard and Hypervisor-Safe Code integrity (HVCI), even if pressured by means of UEFI locks. UEFI locks have been bypassed with out the usage of them,” stated Leviev. “In consequence, I used to be ready to create an absolutely patched Home windows device that was once at risk of lots of the earlier vulnerabilities, turning vulnerabilities into 0 days and making the time period ‘solid’ meaningless for any Home windows device on the earth.” Whilst Microsoft launched a safety replace (KB5041773) to mend the CVE-2024-21302 Home windows Protected Kernel Mode factor on August 7, the corporate nonetheless issued the CVE-2024-38202 patch, a privileged Home windows Replace Stack improve. lack of confidence. Till the safety updates are launched, Redmond advises consumers to make use of the suggestions shared within the safety advisory revealed previous this month to assist offer protection to towards Home windows Downdate assaults. Tactics to mitigate this factor come with configuring the “Audit Object Get entry to” settings to watch document get right of entry to makes an attempt, disabling replace and rollback capability, the usage of Get entry to Regulate Lists to restrict get right of entry to to information, and auditing choices to locate get right of entry to makes an attempt.