Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

Oct 28, 2024 | Ravie Lakshmanan | Vulnerability / Windows Security

Emerging Threats in Windows Security

A newly identified attack technique poses a significant risk to fully patched Windows systems by circumventing Microsoft’s Driver Signature Enforcement (DSE). This vulnerability could potentially enable operating system downgrade attacks, which allow malicious actors to load unsigned kernel drivers. According to SafeBreach researcher Alon Leviev, this capability opens the door for attackers to deploy custom rootkits that can effectively neutralize security measures, conceal processes, and obscure network activity.

The recent findings build upon earlier analyses that revealed two privilege escalation flaws in the Windows update mechanism, identified as CVE-2024-21302 and CVE-2024-38202. These vulnerabilities could be exploited to revert an updated Windows system to an earlier version that harbors unpatched security weaknesses. The exploit has taken shape in a tool referred to as Windows Downdate, which Leviev notes could hijack the Windows Update process, facilitating undetectable, persistent, and irreversible downgrades of critical OS components.

The implications of this technique are profound, as it provides attackers with a more effective alternative to Bring Your Own Vulnerable Driver (BYOVD) attacks. This method allows for the downgrading of first-party modules, including the operating system kernel itself. Microsoft has since addressed the identified vulnerabilities on August 13 and October 8, 2024, during their Patch Tuesday updates.

Leviev’s approach utilizes the downgrade tool to reverse the “ItsNotASecurityBoundary” DSE bypass patch on a fully updated Windows 11 system. This bypass was first documented by Elastic Security Labs researcher Gabriel Landau in July 2024, alongside another bug class known as PPLFault, collectively termed False File Immutability. Microsoft remediated this issue earlier in May.

At its core, the exploit takes advantage of a race condition that allows the replacement of a verified security catalog file with a malicious version containing an Authenticode signature for an unsigned kernel driver. The attacker then prompts the kernel to load this driver, leading Microsoft’s code integrity mechanism—responsible for authenticating files via the kernel mode library ci.dll—to validate the rogue security catalog and load the driver, thereby granting the attacker the ability to execute arbitrary code within the kernel.

The DSE bypass is executed by employing the downgrade tool to revert the “ci.dll” library to an older version (10.0.22621.1376), effectively negating the patch implemented by Microsoft. However, there exists a security barrier that can thwart such a bypass. If Virtualization-Based Security (VBS) is active on the targeted host, the catalog scanning is conducted by the Secure Kernel Code Integrity DLL (skci.dll) instead of ci.dll.

It is important to note that the default configuration typically has VBS enabled without a Unified Extensible Firmware Interface (UEFI) Lock. Consequently, an attacker could disable VBS by manipulating the EnableVirtualizationBasedSecurity and RequirePlatformSecurityFeatures registry keys. Even when UEFI lock is enabled, an attacker might still disable VBS by substituting one of the core files with an invalid version.

The steps an attacker would follow to exploit this vulnerability are as follows:

  • Disable VBS in the Windows Registry or invalidate SecureKernel.exe
  • Downgrade ci.dll to the unpatched version
  • Restart the machine
  • Utilize the ItsNotASecurityBoundary DSE bypass to achieve kernel-level code execution

The only scenario where this attack fails is when VBS is enabled with a UEFI lock and a “Mandatory” flag, which results in boot failure if VBS files are corrupted. The Mandatory mode is activated manually through a registry change.

Microsoft’s documentation emphasizes, “The Mandatory setting prevents the OS loader from continuing to boot in case the Hypervisor, Secure Kernel, or one of their dependent modules fails to load.” Therefore, to effectively mitigate this attack, it is crucial that VBS is enabled with a UEFI lock and the Mandatory flag set. In any other configuration, an adversary could disable the security feature, perform the DLL downgrade, and achieve a DSE bypass.
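The following added check (not from the article, SafeBreach or Microsoft) reports whether a host is in the one configuration the article says defeats the attack, VBS enabled with a UEFI lock and the Mandatory flag, and whether ci.dll is at or below the version the downgrade reverts to. EnableVirtualizationBasedSecurity and RequirePlatformSecurityFeatures are the registry values named in the article; the Locked and Mandatory value names are assumed from Microsoft's DeviceGuard documentation, and the version comparison is a heuristic for the 22621 build line the article covers.

```powershell
# Added defensive check; run from an elevated PowerShell prompt.
$DeviceGuardKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
# ci.dll build the article's bypass downgrades to.
$UnpatchedCiVersion = [version]'10.0.22621.1376'

function Get-DwordValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the value is absent so "unset" is distinguishable from 0.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Get-CiDllVersion {
    $vi = (Get-Item "$env:SystemRoot\System32\ci.dll").VersionInfo
    # Build a comparable [version] from the numeric parts; the FileVersion string
    # may carry trailing build text and does not compare reliably.
    return [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Test-DowngradeHardening {
    $vbs       = Get-DwordValue $DeviceGuardKey 'EnableVirtualizationBasedSecurity'
    $platform  = Get-DwordValue $DeviceGuardKey 'RequirePlatformSecurityFeatures'
    $locked    = Get-DwordValue $DeviceGuardKey 'Locked'      # assumed value name (UEFI lock)
    $mandatory = Get-DwordValue $DeviceGuardKey 'Mandatory'   # assumed value name (Mandatory mode)
    $ciVersion = Get-CiDllVersion

    # All three must hold; any other combination leaves the registry or
    # SecureKernel.exe route to disabling VBS open, per the article.
    $hardened = ($vbs -eq 1) -and ($locked -eq 1) -and ($mandatory -eq 1)

    [pscustomobject]@{
        VbsEnabledInRegistry     = ($vbs -eq 1)
        PlatformSecurityFeatures = $platform
        UefiLocked               = ($locked -eq 1)
        Mandatory                = ($mandatory -eq 1)
        CiDllVersion             = $ciVersion.ToString()
        # Heuristic for the 22621 build line only; other build lines number
        # ci.dll differently, so compare against your own known-good baseline.
        CiDllAtOrBelowUnpatched  = ($ciVersion -le $UnpatchedCiVersion)
        HardenedAgainstDowngrade = $hardened
    }
}

Test-DowngradeHardening | Format-List
```

The registry values reflect configured policy, not runtime state; pair this with the Win32_DeviceGuard WMI class or System Information's "Virtualization-based security" field to confirm VBS is actually running.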

Leviev underscores the importance of enhancing security solutions to detect and prevent downgrade procedures, even for components that do not cross established security boundaries.
