
Windows update bug could be hidden gateway to zombie vulnerabilities

Researchers have discovered a new way for hackers to exploit Windows devices. They have found a vulnerability in your PC’s operating system that could allow attackers to downgrade it to an older version of Windows.

So if you’re running Windows 11, they can roll it back to Windows 10, exposing a number of old vulnerabilities that they can use to take full control of your system.

Microsoft told CyberGuy that it is working on a fix, and claims that the vulnerability is still theoretical — the company has not yet seen anyone attempt to exploit it. I’ll go over the details of this security flaw and share some tips to help you protect your PC.


How Hackers Abuse Windows Downgrades

Alon Leviev, a researcher at SafeBreach, discovered the security flaw. Leviev says he started looking into downgrade attack methods after noticing a large hacking campaign last year using malware called the “BlackLotus UEFI bootkit” that worked by downgrading the Windows boot manager to an old, vulnerable version.

Leviev found a way to downgrade Windows — either the entire operating system or just certain parts of it. He then created a proof-of-concept attack using this method to disable a Windows protection called Virtualization-Based Security (VBS) and target the highly privileged code running at the core of the computer, known as the “kernel.”

Normally, your PC communicates with a secure Microsoft server that manages the update process when it requests an update. Leviev was unable to directly modify the files managed by the server, but he discovered that one key — “PoqexecCmdline” — was unlocked, allowing him to manipulate the update process.

Using this control, Leviev was able to downgrade critical Windows components — including drivers, dynamic link libraries, and the NT kernel — to older versions with known vulnerabilities. He also found ways to downgrade important security features, such as the Windows Secure Kernel, Credential Guard, the hypervisor, and Virtualization-Based Security (VBS).

To make it clearer, older versions of Windows have unpatched problems that hackers can exploit to steal your data or take control of your PC. These problems are fixed when you update to the latest software version. But if hackers manage to downgrade your PC to an old, vulnerable version, they can easily break into your system.
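
A defender's check for the rollback described above, as an added example that is not from the original article or from SafeBreach: it compares two file-version inventories and flags components whose version moved backwards. The file list and every version number are constructed sample data, and how the inventories get collected is left as an assumption.

```python
# Added example: flag Windows components whose file version moved backwards
# between two inventory snapshots. All versions below are constructed.

def parse_version(text):
    """Turn '10.0.22621.3880' into (10, 0, 22621, 3880)."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-part version, got {text!r}")
    return parts

def find_downgrades(baseline, current):
    """Return (path, old, new, status) for files that regressed or vanished."""
    findings = []
    for path, old in sorted(baseline.items()):
        new = current.get(path)
        if new is None:
            findings.append((path, old, None, "missing"))
        elif parse_version(new) < parse_version(old):
            # Compare numerically: as strings, "900" would sort above "3880".
            findings.append((path, old, new, "downgraded"))
    return findings

SYS32 = "C:\\Windows\\System32\\"

# Constructed snapshot taken after the last known-good patch cycle.
BASELINE = {
    SYS32 + "ntoskrnl.exe": "10.0.22621.3880",      # NT kernel
    SYS32 + "securekernel.exe": "10.0.22621.3880",  # Secure Kernel
    SYS32 + "hvix64.exe": "10.0.22621.3810",        # hypervisor
    SYS32 + "ci.dll": "10.0.22621.3672",            # a system DLL
}

# Constructed snapshot from a later scan of the same machine.
CURRENT = {
    SYS32 + "ntoskrnl.exe": "10.0.22621.3958",      # newer: not flagged
    SYS32 + "securekernel.exe": "10.0.22621.900",   # older: flagged
    SYS32 + "hvix64.exe": "10.0.22621.3810",        # unchanged
    # ci.dll is absent from this scan and is reported as missing
}

if __name__ == "__main__":
    for path, old, new, status in find_downgrades(BASELINE, CURRENT):
        print(f"{status:10} {path}  baseline={old}  now={new}")
```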

What is Microsoft doing about this problem?

Microsoft has acknowledged the vulnerability and is actively working on a fix. In response to an inquiry from CyberGuy, a company spokesperson provided the following statement:

“We appreciate SafeBreach’s work in identifying and responsibly reporting this vulnerability through a coordinated vulnerability disclosure. We are actively developing mitigations to protect against these risks, while following a comprehensive process that includes thorough investigation, update development for all affected versions, and compatibility testing, to ensure maximum customer protection with minimal operational disruption.”

The Redmond, Washington-based company said it is developing a security update that will revoke outdated, unpatched VBS system files to help mitigate the threat. Due to the complexity of blocking such a large number of files, rigorous testing is required to prevent integration errors or regressions. The company added:

“We are not aware of any attempts to abuse the technique described in this report and continue to closely monitor the evolving threat landscape.”

Learn how to update your Windows software

Microsoft says hackers haven’t exploited the vulnerability yet, and even if they do, there’s little you can do about it. As a matter of general cybersecurity hygiene, keep your operating system and other software current.

It is one of the most effective ways to protect your devices from known vulnerabilities and security holes. To update your Windows software and benefit from the latest security patches, follow these simple steps:

For Windows 10 and Windows 11

  • Click on the Start menu and select “Settings” (or press the keyboard shortcut Windows key + I).
  • In the Settings window, click “Update and security.”
  • Under the ‘Windows Update’ section, click “Check for updates.”
  • If there are any updates available, including the patch for the Wi-Fi driver vulnerability, Windows will automatically download and install them.
  • Once the installation is complete, you may be prompted to restart your computer to apply the updates.

For Windows 8.1 and earlier versions

  • Open the Control panel and navigate to “System and security.”
  • Under the ‘Windows Update’ section, click “Check for updates.”
  • If updates are available, including the patch for the Wi-Fi driver vulnerability, select them and click “Install updates.”
  • Follow the on-screen instructions to complete the installation process.
  • Restart your computer if you are prompted to apply the updates.

Four additional ways to protect your Windows PC

The report says that even if the downgrade flaw goes largely unnoticed, hackers still need a way to gain remote access to your computer. That is where you can stop them, and here are some steps you can take:

1. Install a strong antivirus program: Hackers often gain access to devices by sending infected emails or documents, or tricking users into clicking on a link that downloads malware. You can prevent this by installing strong antivirus software that detects any potential threat before it can take over your device or router. Get my picks for the best antivirus protection winners of 2024 for your Windows, Mac, Android, and iOS devices.

2. Recognize urgent requests as potential scams: Always be wary if someone asks you to do something urgently, such as send money, provide personal information, or click on a link. There is a good chance that it is a scam.

3. Use strong and unique passwords: Create strong passwords for your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. It helps you create unique and hard-to-crack passwords that a hacker could never guess. It also keeps all your passwords in one place and fills them in for you when you log into an account, so you never have to remember them yourself. The fewer passwords you have to remember, the less likely you are to reuse them across your accounts. Get more details about my best expert-reviewed password managers of 2024 here.

4. Enable two-factor authentication: Enable two-factor authentication if possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.

Kurt’s key insights

This latest Windows vulnerability is a major concern because it exposes your PC to potential risks by allowing hackers to downgrade your system to an older, less secure version. By exploiting this flaw, attackers could gain access to outdated vulnerabilities and take complete control of your machine. While Microsoft is aware of the issue and is working on a fix, the fact that this vulnerability exists at all is a stark reminder of the importance of staying up-to-date on system updates and security measures. Keep an eye on your system’s security and exercise caution as more details emerge.

Do you regularly check for updates and install them to avoid security threats like this? Let us know by writing to us at Cyberguy.com/Contact

Copyright 2024 CyberGuy.com. All rights reserved.