Windows Updates Could Be a Downgrade Attack
August 23, 2024
According to an article on the CSO website, Windows operating system updates may make users vulnerable to cyberattacks instead of protecting them. The technique, sometimes called a downgrade attack, works by tricking operating system updates into installing an older version of the operating system instead of the intended revision.
Analyst Alon Leviev at cybersecurity company SafeBreach discovered the flaw and presented his findings at the recently concluded Black Hat cybersecurity conference in Las Vegas. He said that by exploiting the vulnerabilities he discovered, he had made a Windows machine that was ostensibly fully patched and up-to-date “susceptible to thousands of past vulnerabilities.”
According to Arjun Chauhan, a senior analyst at Everest Group who was also quoted in the CSO article, “other OS vendors may be equally susceptible to similar attack vectors, and all OS vendors must be vigilant against the dangers they pose.” He says those dangers are critical, including data breaches, loss of sensitive information, and disruption of operations.
“Industries with stringent compliance requirements, such as financial services, healthcare, and the public sector, are particularly vulnerable,” said Chauhan. “A successful downgrade attack in these sectors could result in regulatory penalties and significant damage to an organization’s reputation and customer trust.”
Microsoft has stated it hasn’t observed this kind of breach occurring “in the wild,” according to Chauhan. Nonetheless, he says, until Microsoft provides a solution, “organizations should closely monitor for downgrade attempts, restrict administrative privileges, and enforce the Principle of Least Privilege (PoLP).”