Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
Briefly

"This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," said SafeBreach researcher Alon Leviev.
According to Leviev, the exploit takes the form of a tool dubbed Windows Downdate, which could be used to hijack the Windows Update process and craft fully undetectable, persistent, and irreversible downgrades of critical OS components.
This can have severe ramifications, as it offers attackers a better alternative to Bring Your Own Vulnerable Driver (BYOVD) attacks, permitting them to downgrade first-party modules, including the OS kernel itself.
Leviev uses the tool to roll back the patch for the 'ItsNotASecurityBoundary' Driver Signature Enforcement (DSE) bypass on a fully updated Windows 11 system.
Read at The Hacker News