Microsoft patches bug that could have allowed an attacker to revert your computer back to an older, vulnerable version

Microsoft has released a patch for a bug that allowed a “downgrade attack”, which was recently revealed by researchers at the security conferences Black Hat and Def Con.

What does that mean in layman's terms?

You: Let me check whether my system is fully up to date

Windows: Sure, all’s well

Attacker: *Chuckles and deploys an attack against a vulnerability for which you could have been patched long ago*

With a downgrade attack, the victim may have done all they can to keep their computer and software up to date, but an attacker can force it to revert to an older, vulnerable version and then use a known bug to infect the device.

With this particular attack, the researcher built a tool called “Windows Downdate” that takes over Windows Updates to turn a fully patched Windows system into a system which is exploitable by thousands of vulnerabilities from the past.

Microsoft has now patched the two vulnerabilities in Windows (CVE-2024-38202 and CVE-2024-21302) that the researcher used to create Windows Downdate. To manually check whether you have received this update:

  • Click Settings in the Start menu
  • Click Windows Update
  • Select Update History

You should see this entry (KB5041585 successfully installed) for Windows 11:

KB5041585 successfully installed

If you don’t see this, you can start the update by clicking the Check for updates button from the Windows Update menu, or download the relevant update from the Microsoft Update Catalog.

For Windows 10 systems the method is the same, but the KB number is KB5041580 and the update catalog can be found by following this link.
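
The same check from a PowerShell prompt, as an added example that is not part of the original article: it looks up the KB numbers given above in both the installed-hotfix list and the Windows Update history. Treating build 22000 and later as Windows 11, and all variable names, are assumptions of this sketch.

```powershell
# Added example: look for the update named in the article on the local machine.
# The KB numbers come from the article; the rest is an assumption of this sketch.

# Assumption: a client edition of Windows. Windows 11 builds start at 22000,
# anything lower is treated as Windows 10.
$build = [System.Environment]::OSVersion.Version.Build
$kb    = if ($build -ge 22000) { 'KB5041585' } else { 'KB5041580' }

# 1) Installed-hotfix list. Get-HotFix raises an error when the ID is absent,
#    so the error is suppressed and $null means "not listed".
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# 2) Windows Update history, the data behind
#    Settings > Windows Update > Update History.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$count    = $searcher.GetTotalHistoryCount()
$history  = if ($count -gt 0) { $searcher.QueryHistory(0, $count) } else { @() }

# Keep only entries for this KB, newest first.
$entries = @($history |
    Where-Object { $_.Title -match $kb } |
    Sort-Object Date -Descending)

# ResultCode 2 is "succeeded"; 4 is "failed", 5 is "aborted".
$succeeded = @($entries | Where-Object { $_.ResultCode -eq 2 })
$failed    = @($entries | Where-Object { $_.ResultCode -in 4, 5 })

[pscustomobject]@{
    OSBuild          = $build
    ExpectedKB       = $kb
    InHotfixList     = [bool]$hotfix
    HistorySucceeded = $succeeded.Count
    HistoryFailed    = $failed.Count
    LastAttempt      = if ($entries.Count) { $entries[0].Date } else { $null }
    Verdict          = if ($hotfix -or $succeeded.Count) {
                           "$kb is installed"
                       } elseif ($failed.Count) {
                           "$kb was attempted but did not install; run Check for updates"
                       } else {
                           "$kb not found in hotfix list or update history"
                       }
}
```

Windows cumulative updates replace earlier ones, so a machine that has since installed a later cumulative update may no longer list this KB number even though it contains the fix.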

