Windows Downdate attack, security in the air!

Security researchers from SafeBreach have discovered a Windows downgrade attack that is invisible, persistent, irreversible, and perhaps even more dangerous than last year's BlackLotus UEFI bootkit.


After seeing the damage the UEFI bootkit could do by bypassing the Secure Boot process in Windows, SafeBreach's Alon Leviev wondered whether other Windows fundamentals could be abused in a similar way. He hit the jackpot in one of the most unlikely places: the Windows Update process.

"I found a way to take over Windows Updates to update the system, but with control over all the actual update contents," Leviev said in an interview ahead of his presentation at the Black Hat USA conference today, where he will describe his findings in detail.

Using his technique, starting from an already compromised machine on which he could log in as a normal user, Leviev was able to control which files were updated, which registry keys were changed, which installers were used, and so on.

Leviev was able to do all of this by bypassing every single integrity check applied to the Windows update process.

After that, "I was able to downgrade the OS kernel, DLLs, drivers ... basically everything I wanted."

To make matters worse, Leviev said that by picking which vulnerabilities to reintroduce he was able to attack the entire Windows virtualization stack, including virtualization-based security (VBS) features that are supposed to isolate the kernel and limit the value of an attacker's access.

Written by giorgos
