Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Windows Downgrade Disaster: Critical Flaws Turn Fully Patched Systems into Vulnerability Time Bombs
Microsoft is developing security updates to tackle two vulnerabilities in the Windows update architecture that could lead to downgrade attacks. These flaws, discovered by Alon Leviev of SafeBreach Labs, could make a fully patched Windows system susceptible to past vulnerabilities, turning “fully patched” into a…
Hot Take:
Microsoft is essentially playing a high-stakes game of Jenga with its Windows update system, and two bricks just got pulled out. Get ready for a potential crash, unless those updates come faster than a Windows 10 reboot!
Key Points:
- Two new security vulnerabilities in Windows update architecture: CVE-2024-38202 (CVSS score: 7.3) and CVE-2024-21302 (CVSS score: 6.7).
- Discovered by SafeBreach Labs researcher Alon Leviev and presented at Black Hat USA 2024 and DEF CON 32.
- Potential for attackers to perform downgrade attacks, reintroducing old vulnerabilities and bypassing security features.
- Tool named “Windows Downdate” demonstrated to exploit these vulnerabilities.
- Microsoft working on security updates to address these issues.
Already a member? Log in here