PoC Exploit Released for Windows 0-Day Downgrade Attack
A proof-of-concept (PoC) exploit has been publicly released for a pair of critical zero-day vulnerabilities in Microsoft Windows that enable a novel “downgrade attack.” The flaws tracked as CVE-2024-38202 and CVE-2024-21302 were originally disclosed by SafeBreach researcher Alon Leviev at Black Hat USA 2024 and DEF CON 32 earlier this month.
The vulnerabilities allow an attacker to manipulate the Windows Update process to stealthily downgrade a fully patched Windows system to an older, vulnerable state. This effectively turns previously fixed security holes into exploitable zero-day vulnerabilities again.
“As a result, I was able to make a fully patched Windows machine susceptible to thousands of past vulnerabilities, turning fixed vulnerabilities into zero-days and making the term ‘fully patched’ meaningless on any Windows machine in the world,” Alon Leviev of SafeBreach explained in his original research.
Leviev has now released the PoC exploit, dubbed “Windows Downdate”, on GitHub. The tool automates the exploitation of the two zero-days to take control of the Windows Update process and craft “fully undetectable, invisible, persistent, and irreversible downgrades” on critical OS components.
Windows Downdate is able to bypass integrity verification, Trusted Installer enforcement, and other security checks to downgrade core Windows DLLs, drivers, and even the NT kernel itself. It can also downgrade Credential Guard and Hyper-V components to re-expose patched privilege escalation flaws.
The impact is severe – an attacker could use these techniques to quietly revert a fully up-to-date Windows deployment to a vulnerable state, re-enabling exploitation of any of thousands of previously patched vulnerabilities. Scanning and recovery tools are unable to detect malicious downgrades.
Windows Downdate abuses unprotected elements of the Windows Update architecture to stealthily downgrade a fully patched system to an older vulnerable state, while disabling key security features, in a way that is very difficult to detect and reverse.
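One defender-side check that follows from the above is to watch for version regressions in the components the article names as downgrade targets. The script below is an added example written for this article, not code from the article or from the Windows Downdate project; the component list and the baseline path are assumptions to adjust for the builds you manage.

```powershell
# Added example (not from the article or the Windows Downdate tool): record the
# file versions of core OS components once from a known-good state, then re-run
# to flag any component whose version has gone backwards, the hallmark of a downgrade.
# Assumptions: the component list below and the baseline path are illustrative.
param(
    [string]$BaselinePath = "$env:ProgramData\component-baseline.xml",
    [switch]$RecordBaseline
)

# Components the article names as downgrade targets: the NT kernel, core DLLs,
# and Hyper-V / Credential Guard pieces. Missing files are skipped, since not
# every Windows SKU ships every one of them.
$components = @(
    'ntoskrnl.exe', 'ntdll.dll', 'kernel32.dll', 'ci.dll',
    'securekernel.exe', 'lsaiso.exe', 'hvix64.exe', 'hvax64.exe'
) | ForEach-Object { Join-Path $env:SystemRoot "System32\$_" }

function Get-ComponentVersions {
    $result = @{}
    foreach ($path in $components) {
        if (-not (Test-Path $path)) { continue }
        $vi = (Get-Item $path).VersionInfo
        # Build the version from the numeric parts; stored as a string so it
        # round-trips cleanly through Export-Clixml / Import-Clixml.
        $result[$path] = ('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                               $vi.FileBuildPart, $vi.FilePrivatePart)
    }
    return $result
}

# Compare a current snapshot against the baseline; return entries that regressed
# or disappeared. A newer version is expected after patching and is not reported.
function Find-Regressions([hashtable]$Baseline, [hashtable]$Current) {
    $hits = @()
    foreach ($path in $Baseline.Keys) {
        if (-not $Current.ContainsKey($path)) {
            $hits += [pscustomobject]@{ Path = $path; Baseline = $Baseline[$path]; Current = 'missing' }
        } elseif ([version]$Current[$path] -lt [version]$Baseline[$path]) {
            $hits += [pscustomobject]@{ Path = $path; Baseline = $Baseline[$path]; Current = $Current[$path] }
        }
    }
    return $hits
}

$current = Get-ComponentVersions
if ($RecordBaseline) {
    $current | Export-Clixml -Path $BaselinePath
    Write-Output "Baseline of $($current.Count) components written to $BaselinePath"
} else {
    if (-not (Test-Path $BaselinePath)) { throw "No baseline at $BaselinePath; run with -RecordBaseline first" }
    $regressions = Find-Regressions -Baseline (Import-Clixml $BaselinePath) -Current $current
    if ($regressions.Count -eq 0) { Write-Output 'No version regressions found' }
    else { $regressions | Format-Table -AutoSize }
}
```

Record the baseline immediately after a trusted patch cycle and compare on a schedule; because the article notes these downgrades are engineered to evade on-host tooling, treat a clean result as one signal rather than proof, and keep the baseline file somewhere the host cannot rewrite.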
Demo:
https://dai.ly/k5ywyRqjL5Cp0oBpKTq