Two new Microsoft vulnerabilities, CVE-2024-21302 and CVE-2024-38202, are impacting Windows systems. Read this Cybersecurity Threat Advisory to learn more about how these vulnerabilities can be leveraged to exploit Microsoft Windows and how to protect your systems.
What is the threat?
These vulnerabilities allow OS downgrade attacks by bypassing Microsoft’s Driver Signature Enforcement (DSE). They affect the Windows kernel, where successful exploitation lets an attacker perform an OS downgrade by reverting security-critical components to an earlier version. The attacker can then load unsigned kernel-mode drivers, gaining full control of the system, including the ability to execute arbitrary code in kernel mode. The attacker can also install rootkits and create backdoors, enabling malware persistence and further exploitation of the system. The vulnerabilities have a CVSS base score of 9 out of 10.
Why is it noteworthy?
Because these vulnerabilities let attackers bypass fundamental security measures such as DSE, which is designed to prevent the loading of untrusted drivers, they can have serious implications. In addition, they can affect fully patched Windows systems, making them a major concern for both enterprises and individual users.
What is the exposure or risk?
Organizations and individuals using vulnerable versions of Microsoft Windows, especially those with admin privileges, are susceptible to these vulnerabilities. This threat can also affect fully patched Windows systems, making it a major concern for both enterprises and individual users.
What are the recommendations?
Barracuda recommends the following actions to remediate the vulnerabilities:
- Apply the latest patches Microsoft issued in October at your earliest convenience.
- Enable Virtualization-Based Security (VBS) with UEFI lock to provide an extra layer of protection.
- Use a 24/7 monitoring service, such as Barracuda XDR Endpoint Security, to detect anomalies and prevent cyber incidents.
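For the "VBS with UEFI lock" recommendation above, the following PowerShell is an added example, not code from this advisory or from Microsoft. It audits the configured and running VBS state and can set the lock. It assumes an elevated session and uses the DeviceGuard registry values and Win32_DeviceGuard WMI class that Microsoft documents; the function names are hypothetical.

```powershell
# Added example (not from the advisory). Run from an elevated PowerShell session.
$DgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'

function Get-VbsLockState {
    # Configured state: what the registry requests at the next boot.
    $reg = Get-ItemProperty -Path $DgKey -ErrorAction SilentlyContinue
    # Runtime state: what is actually enforced right now.
    $cim = @{ Namespace = 'root\Microsoft\Windows\DeviceGuard'; ClassName = 'Win32_DeviceGuard' }
    $dg  = Get-CimInstance @cim -ErrorAction SilentlyContinue

    # VirtualizationBasedSecurityStatus: 0, 1 or 2 (index into $names).
    $names   = 'Not enabled', 'Enabled but not running', 'Running'
    $runtime = 'Unknown (WMI query failed)'
    if ($dg) { $runtime = $names[[int]$dg.VirtualizationBasedSecurityStatus] }

    $configured = $reg.EnableVirtualizationBasedSecurity -eq 1
    $locked     = $reg.Locked -eq 1   # 1 = VBS enabled with UEFI lock

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        VbsConfigured = $configured
        UefiLocked    = $locked
        RuntimeStatus = $runtime
        # Compliant only when VBS is configured, locked and actually running.
        Compliant     = $configured -and $locked -and ($runtime -eq 'Running')
    }
}

function Enable-VbsUefiLock {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # RequirePlatformSecurityFeatures: 1 = Secure Boot (3 adds DMA protection).
    $values = [ordered]@{
        EnableVirtualizationBasedSecurity = 1
        RequirePlatformSecurityFeatures   = 1
        Locked                            = 1
    }
    if (-not (Test-Path $DgKey)) { New-Item -Path $DgKey -Force | Out-Null }
    foreach ($name in $values.Keys) {
        if ($PSCmdlet.ShouldProcess("$DgKey\$name", "Set DWORD $($values[$name])")) {
            New-ItemProperty -Path $DgKey -Name $name -Value $values[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

Get-VbsLockState          # audit only; changes nothing
# Enable-VbsUefiLock -WhatIf   # preview the registry writes before applying
```

The registry change takes effect after a reboot, and once the UEFI lock is set, clearing these registry values alone no longer turns VBS off, so test on a pilot group before wide rollout.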
References
For more in-depth information about the recommendations, please visit the following links:
- https://thehackernews.com/2024/10/researchers-uncover-os-downgrade.html
- https://techhq.com/2024/10/microsoft-windows-kernel-exposed-to-os-downgrade-exploit/
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.