Windows 11 security bypass (video)

In March of last year, the BlackLotus UEFI Secure Boot vulnerability appeared; it was patched, but could bypass Secure Boot, VBS (Virtualization-based Security), HVCI (Hypervisor-Protected Code Integrity) and more on fully updated systems.

Yesterday we reported that security researcher Alon Leviev developed Windows Downdate, a “tool that interferes with the Windows Update process to create completely undetectable, invisible, persistent, and irreversible downgrades to critical operating system components,” such as DLLs, drivers, and even the Windows kernel.

At Black Hat and DEF CON, the researcher performed a downgrade attack on fully updated Windows.

In the video below, the Ancillary Function kernel driver (AFD.SYS) is downgraded on a system running Windows 11 23H2.

Alon Leviev provided a summary of how Windows Downdate works:

First, it is completely undetectable, so that endpoint detection and response (EDR) solutions cannot block it.

Second, the downgrade is invisible. Downgraded items appear up to date, even though they have technically been downgraded.

Third, the downgrade is persistent, so that future software updates will not overwrite the files.

Finally, the downgrade is irreversible, so scan and repair tools cannot detect or repair it.

Microsoft was notified of this vulnerability prior to the public demonstration and is tracking the flaw under the identifiers "CVE-2024-21302" and "CVE-2024-38202" on the MSRC website.

Watch the video

Written by giorgos
