Potential Elevation of Privilege Vulnerability in Windows Backup
CVE-2024-38202
Key Information:
- Vendor: Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows Server 2022
- CVE Published: 8 August 2024
Summary
An elevation of privilege vulnerability has been identified in Microsoft Windows Update that allows an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent key features of Virtualization Based Security (VBS). To exploit it, an attacker must manipulate an Administrator or a user with delegated permissions into performing a system restore, which inadvertently activates the vulnerability. Microsoft has released a security update to address this issue, available from October 08, 2024, with specific instructions for updating versions of Windows Recovery Environment (WinRE) as necessary. Users who are unable to apply the update immediately are advised to follow the further guidance aimed at reducing the risk and safeguarding their systems.
Affected Version(s)
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7428
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6414
Windows 10 Version 21H2 32-bit Systems 10.0.19043.0 < 10.0.19044.5011
News Articles
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
Discover how a new attack technique bypasses Microsoft’s security, enabling OS downgrade attacks on Windows.
2 months ago
Windows Downdate tool lets you 'unpatch' Windows systems
SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems.
4 months ago
Vulnerability Recap 8/19/24: Microsoft, Ivanti, SolarWinds
Microsoft appears on our list multiple times this week, with notable Patch Tuesday CVEs and an Entra ID vulnerability that affects hybrid clouds.
5 months ago
Timeline
- 💰 Used in Ransomware
- Vulnerability published
- 👾 Exploit known to exist
- 📰 First article discovered by BleepingComputer
- Vulnerability Reserved