Microsoft posts guidance for CVE-2024-21302 VBS flaw that downgrades modern Windows PCs

Earlier today, Microsoft unveiled its latest Patch Tuesday updates, addressing various vulnerabilities across its Windows operating systems. The updates include KB5041580, KB5041578, KB5041773, and KB5041782 for Windows 10, alongside KB5041585 and KB5041592 for Windows 11 versions 23H2, 22H2, and 21H2, as well as KB5041571 for the upcoming 24H2 version.

Retirement of Troubling Updates

In a notable shift, Microsoft has confirmed the retirement of the problematic WinRE updates, KB5034440 and KB5034441. These updates have been a source of frustration for users, and their removal paves the way for new updates aimed at enhancing system stability and security.

In a separate announcement, Microsoft has issued guidance regarding a newly discovered security vulnerability, which poses a significant risk by allowing attackers to downgrade systems to older, vulnerable states without detection. This issue is tracked under the identifiers “CVE-2024-21302” and “CVE-2024-38202,” and has been dubbed “Windows Downdate” by the researcher who uncovered it. The vulnerability exploits the Windows Update process, misleading users into believing their systems are secure when, in fact, they may be compromised.

According to Microsoft’s MSRC website:

A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS.

The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.

Microsoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this vulnerability, but it is not yet available. Due to the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions.

Mitigation Strategies

In light of this vulnerability, Microsoft has released detailed mitigation strategies applicable to most modern versions of Windows 10, 11, and Server equipped with Virtualization-based Security (VBS). The company outlines:

Available mitigations

  • For all supported versions of Windows 10, version 1809 and later, as well as Windows Server 2019 and later, administrators can deploy a Microsoft-signed revocation policy (SkuSiPolicy.p7b). This policy will prevent the operating system from loading vulnerable versions of VBS system files that have not been updated.

Note: Additional mitigations and support for earlier versions of Windows 10 (version 1507 and earlier) and Windows Server 2016 and earlier are planned for future updates.

For those interested in the complete details regarding the deployment of mitigations and the associated risks, Microsoft has provided comprehensive information on its official support document.
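As an added example that is not part of the article or of Microsoft's support document, the following PowerShell script only inspects a host: it reports whether VBS is running, whether a SkuSiPolicy.p7b revocation policy is already staged, and whether one of the August cumulative updates listed above is installed. The on-disk locations of the policy (the CodeIntegrity folder and the EFI system partition under \EFI\Microsoft\Boot) are assumptions; confirm them against the official support document before relying on them.

```powershell
# Added example, not from the article or Microsoft's KB. Read-only checks;
# run from an elevated prompt (mountvol needs administrator rights).

function Get-VbsStatus {
    # Win32_DeviceGuard is the documented CIM class exposing VBS/HVCI state
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction Stop
    [pscustomobject]@{
        # 0 = not enabled, 1 = enabled but not running, 2 = running
        VbsStatus       = $dg.VirtualizationBasedSecurityStatus
        # 1 = Credential Guard, 2 = HVCI (memory integrity)
        ServicesRunning = @($dg.SecurityServicesRunning)
    }
}

function Test-RevocationPolicyStaged {
    # Assumed locations of the Microsoft-signed revocation policy
    $osCopy = Join-Path $env:windir 'System32\CodeIntegrity\SkuSiPolicy.p7b'
    $result = [ordered]@{ OsCopyPresent = Test-Path $osCopy; EfiCopyPresent = $null }
    $letter = 'S:'                      # any unused drive letter
    mountvol $letter /S | Out-Null      # /S mounts the EFI system partition
    try {
        $efiCopy = Join-Path $letter 'EFI\Microsoft\Boot\SkuSiPolicy.p7b'
        $result.EfiCopyPresent = Test-Path $efiCopy
    } finally {
        mountvol $letter /D | Out-Null  # /D unmounts it again
    }
    [pscustomobject]$result
}

function Test-AugustPatchInstalled {
    # KB numbers taken from the article's list of August 2024 updates
    param([string[]]$Kbs = @('KB5041580','KB5041578','KB5041773','KB5041782',
                             'KB5041585','KB5041592','KB5041571'))
    $installed = (Get-HotFix).HotFixID
    $hit = @($Kbs | Where-Object { $installed -contains $_ })
    [pscustomobject]@{ Installed = ($hit.Count -gt 0); MatchedKb = $hit }
}

Get-VbsStatus
Test-RevocationPolicyStaged
Test-AugustPatchInstalled
```

A host with VbsStatus 2 and ServicesRunning containing 2 is the configuration the downgrade technique targets; an empty MatchedKb with OsCopyPresent false means neither the cumulative update nor the revocation policy is in place yet.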

It is important to note that home users are advised against manually installing the revocation policy, as the threat primarily requires physical access to the targeted PC. Instead, it may be prudent to await an automatic fix that Microsoft is expected to roll out through Windows Update or other channels in the near future.

Winsage