Overview
Explore a groundbreaking security presentation from DEF CON 32 that reveals critical vulnerabilities in Windows Update systems through downgrade attacks. Learn how researchers discovered methods to manipulate Windows Updates, enabling the creation of downgrading updates that bypass verification steps and compromise system security. Dive into technical demonstrations showing successful downgrades of DLLs, drivers, and kernel components while the system continues to report a false "fully updated" status. Understand the implications for virtualization security as the research exposes ways to downgrade Hyper-V's hypervisor, Secure Kernel, and Credential Guard. Examine the first known bypass of the UEFI locks of Virtualization-Based Security (VBS) and discover how unprivileged attackers can exploit Windows Update restoration vulnerabilities. Get introduced to "Windows Downdate," a powerful tool that demonstrates how these downgrade attacks can potentially affect any Windows machine globally, challenging the concept of "fully patched" systems.
Syllabus
DEF CON 32 - Windows Downdate: Downgrade Attacks Using Windows Updates - Alon Leviev
Taught by
DEFCONConference