A flaw in Windows updates could lead to a hidden gateway for zombie vulnerabilities.

windo

Hackers could exploit Windows devices through a newly discovered vulnerability that allows them to downgrade the PC's operating system to an older version of Windows, as found by researchers.

If you're using Windows 11, you could revert to Windows 10, which would reveal old vulnerabilities that attackers could exploit to gain complete control over your system.

Microsoft has stated that it is currently working on a solution for the vulnerability, which is still considered theoretical as no attempts to exploit it have been observed by the company. I will provide a detailed analysis of this security issue and offer some advice on how to safeguard your computer.

How hackers exploit Windows downgrades

A security flaw was discovered by Alon Leviev, a researcher at SafeBreach, after he noticed that a major hacking campaign last year utilized malware known as the "BlackLotus UEFI bootkit" which allowed the attackers to downgrade the Windows boot manager to an older, more vulnerable version.

Leviev discovered a technique to reduce Windows to either its entire operating system or specific components. He subsequently developed a proof-of-concept attack utilizing this method to deactivate a Windows security feature called Virtualization-Based Security (VBS) and target the highly privileged code situated in the computer's core, commonly referred to as the "kernel."

When your PC needs an update, it communicates with a secure Microsoft server that manages the update process. However, Leviev discovered that one key, "PoqexecCmdline," was not locked, enabling him to manipulate the update process.

Leviev was able to downgrade critical Windows components, including drivers, dynamic link libraries, and the NT kernel, to older versions with known vulnerabilities. He also discovered ways to downgrade important security features such as the Windows Secure Kernel, Credential Guard, the hypervisor, and Virtualization-Based Security (VBS).

Hackers can exploit unpatched issues in older versions of Windows to steal data or take control of your PC. These issues are fixed in the latest software version. However, if hackers can downgrade your PC to an old, vulnerable version, they can easily break into your system.

What is Microsoft doing about the issue?

Microsoft has acknowledged the security flaw and is actively working on a fix. In response to an inquiry from CyberGuy, a company spokesperson stated that they are actively working on a fix.

"We value SafeBreach's efforts in discovering and reporting this vulnerability through a coordinated disclosure process. We are currently working on implementing safeguards to mitigate these risks, following a comprehensive procedure that includes a thorough investigation, updates across all affected versions, and compatibility testing, to ensure maximum customer protection with minimal operational disruption."

The Redmond, Washington-based company announced that it is working on a security update to eliminate outdated and unpatched VBS system files in order to address this threat. However, due to the intricacy of blocking a vast number of files, extensive testing is necessary to prevent integration issues or regressions. The company stated.

"No known attempts have been made to exploit the technique described in this report, and we remain vigilant in tracking any changes in the threat landscape."

Learn how to update your Windows software

Microsoft reports that hackers have not yet exploited the vulnerability, and even if they do, there is little you can do from your end. However, as general cybersecurity practice, ensure your operating system and other software are up-to-date.

To ensure your devices are secure from known vulnerabilities and security flaws, follow these simple steps to update your Windows software with the latest security patches.

For Windows 10 and Windows 11

• To access the settings menu on a Windows computer, click on the Start button and then select "Settings" (or use the keyboard shortcut Windows key + I).
• In the Settings window, click on "Update & Security."
• To check for updates under the "Windows Update" section, click on "Check for updates."
• Automatically, Windows will download and install updates, including the patch for the Wi-Fi driver vulnerability.
• After the installation is finished, you might be prompted to restart your computer to apply the updates.

For Windows 8.1 and Earlier Versions

• Open the Control Panel and navigate to "System and Security."
• To check for updates under the "Windows Update" section, click on "Check for updates."
• If updates are available, including the patch for the Wi-Fi driver vulnerability, select them and click "Install updates."
• Follow the on-screen instructions to complete the installation process.
• Restart your computer if prompted to apply the updates.

Four additional ways to protect your Windows PC

Even if the downgrade flaw is difficult to detect, hackers can still gain remote access to your computer. However, you can prevent this by following these steps.

To safeguard your devices from hackers, it is crucial to install a robust antivirus program. Hackers often use infected emails, documents, or links to gain access to devices. To prevent this, install strong antivirus software that can detect potential threats before they harm your device or router. Check out my top picks for the best 2024 antivirus protection for your Windows, Mac, Android, and iOS devices.

Be cautious when someone urgently asks for personal information, money, or a click on a link, as it may be a scam.

To keep your accounts and devices secure, create strong passwords and avoid using the same password for multiple online accounts. Utilize a password manager to securely store and generate complex passwords, making it easier to create unique and difficult-to-crack passwords. Additionally, a password manager keeps track of all your passwords in one place and fills them in for you when logging into an account, reducing the likelihood of reusing passwords. For more information on the best expert-reviewed password managers of 2024, click here.

Add an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password whenever possible. Enable two-factor authentication.

Kurt’s key takeaways

This latest Windows vulnerability is a major concern, as it exposes your PC to potential risks by allowing hackers to downgrade your system to an older, less secure version. By exploiting this flaw, attackers could access outdated vulnerabilities and take full control of your machine. While Microsoft is aware of the issue and is working on a fix, the fact that this vulnerability even exists is a stark reminder of how critical it is to stay on top of system updates and security measures. Keep an eye on your system's security and be cautious as more details emerge.

Please inform us at Cyberguy.com/Contact if you routinely verify and install updates to prevent security risks like this.

To receive my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter at Cyberguy.com/Newsletter.

Let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.