“When it comes to impact, downgrade attacks may have profound implications for organizations heavily dependent on Windows environments,” Chauhan pointed out. “These attacks can reverse security patches, re-exposing systems to previously mitigated vulnerabilities, thereby increasing the risk of data breaches, unauthorized access, and loss of sensitive data.”
“Furthermore, such attacks may disrupt operations by compromising critical infrastructure, resulting in downtime and financial losses. Industries with stringent compliance requirements, such as financial services, healthcare, and the public sector, are particularly vulnerable. A successful downgrade attack in these sectors may result in regulatory penalties and significant damage to an organization’s reputation and customer trust.”
Leviev’s inspiration for this technique came from the 2023 BlackLotus UEFI bootkit, which showcased the severity of such attacks by downgrading the Windows boot manager to exploit CVE-2022-21894, bypassing Secure Boot, and disabling other OS security mechanisms. “The malware could persist even on fully patched Windows 11 systems, raising alarms in the cybersecurity community,” Leviev added.