Windows Compromise Possible with New Attack Technique

SC Media reports that the novel Windows Downdate attack technique could downgrade Windows 11 devices without being detected, reintroducing vulnerabilities from older versions.

Aside from rolling back to vulnerable Windows versions, Windows Downdate also facilitated Windows Secure Kernel virtualization and Windows Defender deactivation, username and hashed password exfiltration, and downgrading of the Windows Hyper-V hypervisor version, according to an analysis from SafeBreach security researcher Alon Leviev.

Another downgrade attack detailed by Leviev at this year's Black Hat USA security conference targeted the temporary Windows.old folder created following a system upgrade, forcing the execution of a malicious version of the folder even without privileges.

"The downgrade attack I was able to achieve on the virtualization stack within Windows was possible due to a design flaw that permitted less privileged virtual trust levels/rings to update components residing in more privileged virtual trust levels/rings," said Leviev.

Microsoft has yet to issue a patch to address the issue.