CyberSec Alert: A new attack technique bypasses #Microsoft's Driver Signature Enforcement on fully patched Windows systems, enabling attackers to load unsigned kernel drivers and compromising the integrity of OS security. Learn more: Discover how a new attack technique bypasses Microsoft’s security, enabling OS downgrade attacks on Windows. https://lnkd.in/gQC63WQs #cybersecurity #infosec #datasecurity #cybercrime #securityawareness #networksecurity #cyberattack #databreach #ITsecurity #cyberthreats
John Walsh III’s Post
More Relevant Posts
-
Discover how a new attack technique bypasses Microsoft’s security, enabling OS downgrade attacks on Windows. For daily news and analysis subscribe to the https://lnkd.in/gZsiTT2x newsletter. #CyberSecurity #Tech #DataProtection
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
thehackernews.com
-
Wow, that's a whole lot of work to still get owned by our security solution. This is why we are extremely happy to have #deeplearning on our side which prevents the ability to execute arbitrary code and pull off attacks like this. Time to level up your security and reach out to us to see what isn't just theoretical but completely possible with deep learning powered prevention!
A new attack technique bypasses #Microsoft's Driver Signature Enforcement on fully patched Windows systems, enabling attackers to load unsigned kernel drivers and compromising the integrity of OS security. Learn more: https://lnkd.in/eVsPXa2V #cybersecurity #hacking
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
thehackernews.com
-
Sometimes it's about patching properly, sometimes it's about system hardening. ⏩ Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel 💡 In this case, if Virtualization-Based Security (VBS) is running on the targeted host, then it's the right step toward mitigation against this threat. 🗂 Obviously, your threat model will show if this vulnerability is exploitable in your organization, and what effort should be put into its mitigation, and which systems to prioritize #cybersecurity #microsoft #vulnerabilitymanagement https://lnkd.in/eVsPXa2V
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
thehackernews.com
-
A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach researcher Alon Leviev said in a report shared with The Hacker News. The latest findings build on an earlier analysis that uncovered two privilege escalation flaws in the Windows update process (CVE-2024-21302 and CVE-2024-38202) that could be weaponized to roll back an up-to-date Windows software to an older version containing unpatched security vulnerabilities. Stay connected to Aashay Gupta, CISM, GCP for content related to Cybersecurity. #LinkedIn #Cybersecurity #Cloudsecurity #AWS #GoogleCloud #Trends #informationprotection #Cyberthreats #CEH #ethicalhacker #hacking #cloudsecurity #productmanagement #cybersecurity #appsec #devsecops
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
thehackernews.com
-
New Windows False File Immutability Vulnerability Let Attackers Execute Arbitrary Code: A new unnamed vulnerability class has been detected in the Windows 11 Kernel that could allow a threat actor to execute arbitrary code with Kernel privileges. This vulnerability, named “File Immutability,” exists due to incorrect assumptions in the design of the Core Windows feature. These assumptions can result in undefined behaviour and security vulnerabilities. The […] The post New Windows False File Immutability Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News. #CyberSecurity #InfoSec
New Windows False File Immutability Vulnerability Let Attackers Execute Arbitrary Code
https://cybersecuritynews.com
-
Attackers can now bypass critical security features on fully patched Windows systems through a downgrade attack on the Windows kernel, enabling rootkit installation. SafeBreach researcher Alon Leviev demonstrated how an attacker can manipulate Windows Update to introduce outdated, vulnerable components into the kernel. The result? Fully patched systems become exposed to past security flaws, making “fully updated” a misleading term in this context. Microsoft has acknowledged the issue but has yet to patch it, as they state it doesn’t cross a security boundary. Until a fix is implemented, security experts recommend proactive monitoring for downgrade attempts. While the situation is complex, a Windows security update is in development. #CyberSecurity #WindowsSecurity #RootkitThreat #KernelAttack #DowngradeAttack #ZeroDay #MicrosoftSecurity https://lnkd.in/dkqxuuAu
New Windows Driver Signature bypass allows kernel rootkit installs
bleepingcomputer.com
-
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel: A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach researcher Alon Leviev said in a report shared with The Hacker News. The latest findings build on an earlier analysis that uncovered two privilege escalation flaws in the Windows update process (CVE-2024-21302 and CVE-2024-38202) that could be weaponized to roll back an up-to-date Windows software to an older version containing unpatched security vulnerabilities. The exploit materialized in the form of a tool dubbed Windows Downdate, which, per Leviev, could be used to hijack the Windows Update process to craft fully undetectable, persistent, and irreversible downgrades on critical OS components. Stay Connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security. #CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations
Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel
thehackernews.com
-
Microsoft's "Patch Tuesday" is a DOOZY - 9 zero-days fixed, 6 of which are already being exploited. If you run Windows, this is very important to fix. Patch early, patch often. #cybersecurity #cyberaware #securityupdate #patchnow #Microsoft #PatchTuesday
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
bleepingcomputer.com
-
Some of Microsoft’s most important tools for protecting Windows users from malicious hackers can be twisted into being used in attacks, according to research presented here Wednesday at the annual Black Hat security conference. The newly discovered method includes altering the internal registry of a Windows machine to make it seem as though it has been updated through Microsoft’s regular process for issuing improvements and security fixes. That would allow an attacker to downgrade the machine to earlier versions of Windows, making hundreds of vulnerabilities that are patched in current versions of Windows fair game once more. — The Washington Post #microsoft #windows #hack #blackhat #security #conference
Design flaw could allow hackers to roll back Microsoft Windows updates
washingtonpost.com