https://www.esecurityplanet.com/threats ... er-4-2024/
Type of vulnerability: Admin code execution privileges leading to operating system downgrades.
The problem: This summer, researcher Alon Leviev revealed a downgrade attack vulnerability in Windows, the exploit for which he named Downdate. The Windows update process could be taken over, and a threat actor could execute undetectable and irreversible downgrades to Windows system components, Leviev said. He demonstrated the downgrade at Black Hat 2024, reverting fully patched Windows machines to previous vulnerable states.
Leviev recently published an update to the summer’s information, showing that Windows 11 is still vulnerable because of Microsoft’s decision not to fix an Administrator privilege issue. Microsoft doesn’t consider an admin gaining kernel code execution privileges to be a break of an official security boundary or a vulnerability, so it has opted not to fix it. Microsoft has recently reported it’s actively working on a fix, though it hasn’t provided a deadline or specific details.
The fix: Monitor your Windows operating system behavior, including log files, and look for any downgrade procedures. Microsoft has no published fix for the threat yet, since it doesn’t consider it an official vulnerability.
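One way to act on the monitoring advice above, as an added example that is not from the original article or from Microsoft: the Python below compares two inventories of system file versions and reports any component whose version moved backwards or that disappeared. The CSV layout, the file list and the version numbers are constructed for the example, and collecting the inventory is assumed to be done by your own tooling.

```python
import csv
import io

# Constructed snapshots (component path, file version); versions are invented.
BASELINE_CSV = r"""path,version
C:\Windows\System32\ntoskrnl.exe,10.0.22621.4317
C:\Windows\System32\ci.dll,10.0.22621.4317
C:\Windows\System32\drivers\afd.sys,10.0.22621.4249
"""
CURRENT_CSV = r"""path,version
c:\windows\system32\ntoskrnl.exe,10.0.22621.4317
C:\Windows\System32\ci.dll,10.0.22621.998
C:\Windows\System32\drivers\afd.sys,10.0.22621.4391
"""

def parse_version(text):
    """Turn '10.0.22621.998' into (10, 0, 22621, 998) so fields compare as numbers."""
    return tuple(int(part) for part in text.strip().split("."))

def load_snapshot(csv_text):
    """Map lower-cased path -> version tuple (Windows paths are case-insensitive)."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["path"].strip().lower(): parse_version(row["version"]) for row in rows}

def find_downgrades(baseline, current):
    """Return (path, old, new) for every component older than its baseline.

    A component missing from the current snapshot is reported with new=None,
    because a removed file needs the same follow-up as a regressed one.
    Upgrades and unchanged versions are not reported.
    """
    findings = []
    for path, old in sorted(baseline.items()):
        new = current.get(path)
        if new is None or new < old:
            findings.append((path, old, new))
    return findings

if __name__ == "__main__":
    base = load_snapshot(BASELINE_CSV)
    cur = load_snapshot(CURRENT_CSV)
    for path, old, new in find_downgrades(base, cur):
        print("REGRESSION", path, old, "->", new)
```

Comparing the versions as plain strings would miss the regression in the sample data, since "998" sorts after "4317" character by character; the numeric tuples avoid that.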