Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version

A researcher used two Windows vulnerabilities to perform downgrade attacks. These flaws have now been patched by Microsoft

Malwarebytes
#vulnerability#windows#microsoft

Microsoft has released a patch for a bug for a “downgrade attack” that was recently revealed by researchers at security conferences Black Hat and Def Con.

What does that mean in layman terms?

You: Let me check whether my system is fully updated

Windows: Sure, all’s well

Attacker: *Chuckles and deploys an attack against a vulnerability for which you could have been patched long ago*

With a downgrade attack, the victim may have done all they can to keep their computer and software up to date, but an attacker can force it to revert to an older, vulnerable version and then use a known bug to infect your device.

With this particular attack, the researcher built a tool called “Windows Downdate” that takes over Windows Updates to turn a completely patched Windows system into a system which is exploitable by thousands of vulnerabilities from the past.

Microsoft has now patched the two vulnerabilities in Windows (CVE-2024-38202 and CVE-2024-21302) that the researcher used to create Windows Downdate. To manually check whether you have received this update:

  • Click Settings in the Start menu
  • Click Windows Update
  • Select Update History

You should see this entry (KB5041585 successfully installed) for Windows 11:

If you don’t see this, you can start the update by clicking the Check for updates button from the Windows Update menu, or download the relevant update from the Microsoft Update Catalog.

For Windows 10 systems the method is the same, but the KB number is KB5041580 and the update catalog can be found by following this link.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Related news

Windows 'Downdate' Attack Reverts Patched PCs to a Vulnerable State

Windows 11 machines remain open to downgrade attacks, where attackers can abuse the Windows Update process to revive a patched driver signature enforcement (DSE) bypass.

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month. The Patch Tuesday

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month. The Patch Tuesday

Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed

The most serious of the issues included in August’s Patch Tuesday is CVE-2024-38063, a remote code execution vulnerability in Windows TCP/IP.

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office - Microsoft Office 2016 for 32-bit edition and 64-bit editions Microsoft

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office - Microsoft Office 2016 for 32-bit edition and 64-bit editions Microsoft

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the operating system files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302