Two Zero-Day Vulnerabilities Demonstrated at BlackHat 2024 in Las Vegas

TapTechNews, August 8: At the BlackHat 2024 conference in Las Vegas, USA, Alon Leviev, a security researcher from SafeBreach, demonstrated two zero-day vulnerabilities that can 'undo patches' (unpatch) on Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities.


The two vulnerabilities are tracked as CVE-2024-38202 and CVE-2024-21302. Microsoft has officially released an announcement and provided mitigation suggestions ahead of releasing the fix.

Leviev stated that it is possible to compromise the Windows Update process and downgrade key operating system components such as dynamic link libraries (DLLs) and the NT kernel.

The zero-day vulnerabilities can be used to downgrade Credential Guard's Secure Kernel and Isolated User Mode process, as well as Hyper-V's hypervisor, thereby exposing past privilege escalation vulnerabilities.

Leviev demonstrated using these vulnerabilities to successfully achieve privilege escalation, create malicious updates, and reintroduce security vulnerabilities by replacing Windows system files with older versions.

An attacker with administrative privileges can use the CVE-2024-21302 privilege escalation vulnerability to replace Windows system files with outdated and vulnerable versions.

Leviev reported these vulnerabilities to Microsoft in February this year, but 6 months later Microsoft has still not completely fixed the two vulnerabilities.

Microsoft stated that it has so far found no evidence that hackers have used the vulnerabilities to launch attacks. Until the security update is released, it recommends implementing the suggestions shared in the two security announcements released today to help reduce the risk of exploitation.
