Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

08-August-24

Microsoft is developing security updates to address two vulnerabilities, CVE-2024-38202 and CVE-2024-21302, which could be exploited to perform downgrade attacks on Windows systems. These attacks allow an attacker to replace current OS files with older versions, which reintroduces previously mitigated vulnerabilities and bypasses Virtualization-Based Security (VBS) features, leaving fully patched systems vulnerable to past exploits.
