Researchers from SafeBreach have unveiled 'Downgrade attacks' at Black Hat 2024, exploiting two zero-day vulnerabilities to revert updated Windows systems to their vulnerable states. These attacks, involving privilege escalation flaws (CVE-2024-38202 and CVE-2024-21302), allow attackers to bypass security features and reintroduce previously patched vulnerabilities. The researchers demonstrated that these attacks could compromise OS components without physical access. Microsoft is currently working on mitigation strategies.
Sort: