Windows Update Downgrade Attack Rolls Back Updates
Revealing Windows Update Downgrade Attack: Threats and Protection
At the recent Black Hat conference, SafeBreach researchers disclosed a new Windows update downgrade attack (also known as version rollback attack), which attracted widespread attention. This attack can roll back updated software to older versions, causing serious damage to system components, software, and files.
Attack principle and impact
Attackers can manipulate Windows Update to downgrade DLLs, drivers, and even critical operating system components such as NT kernels. This invalidates all installed security patches, bypassing security features and increasing system permissions. SafeBreach practice shows that after this attack, the system cannot recognize new security updates and errors are reported as the latest version, and the infection cannot be detected by the recovery and scanning tools. In short, this attack can lead to serious data breaches and other consequences. For more technical details, please refer to the SafeBreach report: Windows Downgrade Attacks via Windows Update.
Microsoft has released vulnerability information
Microsoft has not released an update that completely fixes this vulnerability, but has released two CVEs (CVE-2024-38202 and CVE-2024-21302) to reduce the risk. You can visit the relevant website and take corresponding measures according to the instructions.
Related suggestions include configuring the audit object access settings, auditing users with backup and restore operation permissions, and implementing access control lists.
Daily protective measures
To prevent such attacks, we recommend that you:
- Avoid downloading applications or software from unreliable sources.
- Use network security measures such as Windows firewall to monitor and filter network traffic.
- Do not access suspicious links or compressed files at will.
- Even if there is a downgrade attack, the system should be kept updated, which helps prevent virus and malware intrusions and improves system performance.
- Regularly back up important files to external hard drives. It is recommended to use professional backup software such as MiniTool ShadowMaker.
Data recovery suggestions
Computer attacks often cause data loss. If you need to recover deleted or lost data on your Windows computer, you can use MiniTool Power Data Recovery. This is a safe and reliable data recovery software that can recover various files without damaging the original data. The software is available in a free version and supports free downloads, disk scanning, file preview and 1GB of free data recovery.
Summarize
This article briefly introduces Windows update downgrade attacks, including its principles, impacts, and some common security protection measures. I hope this information can help you better protect your computer's security.
The above is the detailed content of Windows Update Downgrade Attack Rolls Back Updates. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1664
14
1422
52
1316
25
1267
29
1239
24
Fixdisk Windows 7: Check Your Hard Disk for Errors on Windows 7
Apr 14, 2025 am 12:40 AM
If you suspect your hard drive encounters issues, you can check the drive for errors on Windows 7. This php.cn post talks about fixdisk Windows 7. You can follow the guide to check the hard drive for errors on Windows 7.
Is Core Isolation Blocked by ew_usbccgpfilter.sys? Here Are Fixes!
Apr 13, 2025 am 12:47 AM
Many SurfaceBook users report that they meet the “core isolation blocked by ew_usbccgpfilter.sys” issue on Windows 11/10. This post from php.cn helps to fix the annoying issue. Keep on your reading.
Effortles Fixes for Black Screen After Installing a Graphics Driver
Apr 15, 2025 am 12:11 AM
Have you ever encountered a black screen after installing a graphics driver like an Nvidia driver in Windows 10/11? Now in this post from php.cn, you can find a couple of worth trying solutions to the Nvidia driver update black screen.
How to Install Windows X-Lite Optimum 11 23H2 Home/Pro via ISO
Apr 09, 2025 am 12:49 AM
Windows X-Lite Optimum 11 23H2 Home or Optimum 11 Pro could be your option if you need a custom lite system based on Windows 11 23H2. Go on reading and php.cn will show you how to download Optimum 11 23H2 ISO and install Pro or Home on your PC.
KB2267602 Fails to Install: Here Is How to Fix It!
Apr 15, 2025 am 12:48 AM
KB2267602 is a protection or definition update for Windows Defender designed to fix vulnerabilities and threats in Windows. Some users reported that they were unable to install KB2267602. This post from php.cn introduces how to fix the “KB2267602 fai
How to Turn Off Tips and Suggestions Notifications in Windows?
Apr 09, 2025 am 12:46 AM
Tips and Suggestions Notifications is a new design of Windows 11. It will give you suggestions and tips on some new features. But some of you may be bothered by the popup tips. You can read this post from php.cn to learn how to turn off tips and sugg
Advanced Tips for Windows P Not Working on Windows
Apr 11, 2025 am 12:49 AM
You must be familiar with the Windows P shortcut if you have more than one monitor. However, the Windows P not working properly might happen occasionally. If you are facing this problem, this post from php.cn can help you indeed.
Difference Between RAID Recovery and Hard Drive Recovery
Apr 17, 2025 am 12:50 AM
Data recovery is always a heated topic. To successfully restore data from your device, you should know how it stores data. You can learn the difference between RAID recovery and hard drive recovery from this php.cn post.
