Potential Elevation of Privilege Vulnerability in Windows Backup
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (server Core Installation)
- Windows Server 2022
- Vendor
- CVE Published:
- 8 August 2024
Badges
Summary
The first article outlines a potential elevation of privilege vulnerability in Windows Backup, which could allow an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or bypass some features of Virtualization Based Security (VBS). Exploitation requires interaction by a privileged user, and Microsoft is currently working on a security update to mitigate the threat. There are no known attempts to exploit this vulnerability, but a public presentation of the vulnerability was hosted at BlackHat, and attendees are encouraged to follow Recommended Actions to protect their systems. The second article reveals that SafeBreach security researcher Alon Leviev discovered two zero-day vulnerabilities in Windows Update, which could be exploited in downgrade attacks to "unpatch" fully updated Windows 10, 11, and Server systems and reintroduce old vulnerabilities. These vulnerabilities have not yet received a security update from Microsoft, even though six months have passed since they were reported. The exploitation of these zero-day vulnerabilities could expose systems to thousands of past vulnerabilities and make the term "fully patched" meaningless on any Windows machine. There are observed attempts to exploit these vulnerabilities, making it crucial for users to upgrade to the fixed version as soon as it becomes available.
Affected Version(s)
Windows 10 Version 1809 =
Windows Server 2019 =
Windows Server 2019 (Server Core installation) =
News Articles
Windows Downdate tool lets you 'unpatch' Windows systems
SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems.
3 weeks ago
Vulnerability Recap 8/19/24: Microsoft, Ivanti, SolarWinds
Microsoft appears on our list multiple times this week, with notable Patch Tuesday CVEs and an Entra ID vulnerability that affects hybrid clouds.
1 month ago
Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update
Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet.
1 month ago
CVSS V3.1
Timeline
- 👾
Exploit exists.
Vulnerability published.
First article discovered by BleepingComputer
Vulnerability Reserved.