How to Mitigate Downgrade Attacks Against Windows Systems
SafeBreach's Alon Leviev on How Organizations Can Reduce the Likelihood of Exploits
Operating system downgrade attacks expose organizations to significant risk by helping attackers exploit vulnerabilities in older versions of Windows software, according to SafeBreach security researcher Alon Leviev.
Windows allows for downgrades of components such as boot managers. That allows attackers to exploit previously patched vulnerabilities, undermining system integrity. Although Microsoft has rolled out mitigations, Leviev recommends that organizations monitor trusted installer actions and consider implementing versioning checks to prevent unauthorized downgrades (see: Undetectable Backdoor Disguises as Windows Update).
"The fact that you can revert to an old and vulnerable version of the software and then exploit old vulnerabilities which seem to have been fixed in the core machine that you're running on was very fascinating to me," Leviev said.
In this video interview with Information Security Media Group at Black Hat 2024, Leviev also discussed:
- The mechanics of downgrade attacks and their implications for Windows defenders;
- How attackers manipulate Windows Update processes to downgrade critical components;
- The importance of securing Windows design flaws and monitoring the update process.
Leviev is a self-taught security researcher with a diverse background. He started his professional career as a blue team operator, focusing on the defensive side of cybersecurity. His main focus includes operating system internals, reverse engineering and vulnerability research. Before entering cyber, he was a professional jiujitsu athlete in Brazil and won several world and European titles.