A new vulnerability in Windows allows the driver signature check to be bypassed by downgrading

28 October 2024 1 minute Author: Newsman

Cybersecurity researchers have discovered a new Windows downgrade technique that bypasses Driver Signature Enforcement (DSE) on fully updated systems. This vulnerability allows attackers to load unsigned drivers, install rootkits, and hide further malicious activity.

The downgrade method, developed by SafeBreach researcher Alon Leviev, uses a special tool, Windows Downdate, to hijack the Windows update process and roll back critical OS components to older versions that contain vulnerabilities. For example, a downgrade could reintroduce the “ItsNotASecurityBoundary” vulnerability, which bypasses driver signature enforcement and allows attackers to load unsigned drivers at the kernel level. This gives attackers an opportunity to bypass the system's main protection mechanisms, hide processes and network activity, and maintain a permanent hidden presence in the system.

Downgrade attacks return software to previous, unprotected versions in order to restore previously fixed vulnerabilities. The Windows Downdate vulnerability that allows such attacks has previously been used, notably to bypass Secure Boot in the case of the BlackLotus UEFI bootkit, which targeted the Windows Boot Manager to gain low-level access. The vulnerability allows attackers to bypass the restrictions of Virtualization-Based Security (VBS), which normally protects system files from modification, even if UEFI Lock is enabled.
