Alon Leviev, one of the security experts at the company SafeBreach, presented a very tactical method of attack at the Black Hat 2024 security conference. He asked whether the update mechanism of Windows 10 and Windows 11 can be attacked so that malware replaces the relevant system files with older versions that still contain an existing vulnerability.
To carry out the attack, he took a close look at how the Windows Update service works, found two fixable vulnerabilities, and managed to disable many Windows security functions.
When it is executed, the attack does not arouse suspicion in the antivirus software that tries to protect the device. Despite the partial return to old file versions, Windows believes that it is completely up to date, and moreover, the attack can remain permanently present on the computer.
Alon Leviev reported his findings to Microsoft half a year ago. The company lists the vulnerabilities he found as CVE-2024-38202 and CVE-2024-21302, but has not released fixes for them yet.
According to the company, eliminating the attack surface is not a matter of changing a few lines of code; it requires developing a new security mechanism that invalidates the execution of old file versions.
This takes a lot of time to implement and fully test, and no one wants another global IT disaster, so it is not clear when the fixes will be completed. The vulnerability is not actively exploited; in theory, no one has the details except the security researcher and Microsoft. However, with the current disclosure, the pressure on Microsoft to fix the errors as soon as possible has increased greatly.
2024-08-08 16:06:00