Back to the future: Windows Update is now a trojan horse for hackers
“In terms of impact, downgrade attacks could have profound implications for organizations heavily dependent on Windows environments,” Chauhan pointed out. “These attacks can reverse security patches, re-exposing systems to previously mitigated vulnerabilities, thereby increasing the risk of data breaches, unauthorized access, and loss of sensitive information.”
“Moreover, such attacks could disrupt operations by compromising critical infrastructure, leading to downtime and financial losses. Industries with stringent compliance requirements, such as financial services, healthcare, and the public sector, are particularly vulnerable. A successful downgrade attack in these sectors could result in regulatory penalties and significant damage to an organization’s reputation and customer trust.”
Leviev’s inspiration for this technique came from the BlackLotus UEFI bootkit, disclosed in 2023, which demonstrated the severity of such attacks by downgrading the Windows Boot Manager to exploit CVE-2022-21894, bypassing Secure Boot and disabling other OS security mechanisms. “The malware could persist even on fully patched Windows 11 systems, raising alarms in the cybersecurity community,” Leviev added.
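Because the boot-manager downgrade described above leaves a fully patched Windows installation reporting as patched, the only reliable check is to read the boot manager that the firmware actually loads. The script below is an added example, not code from the article or from the researchers it quotes: it reports the firmware's Secure Boot state and the file version of bootmgfw.efi on the EFI System Partition so that it can be compared against the version a current cumulative update ships. It assumes it runs elevated on a UEFI machine, that drive letter S: is free, and that the operator supplies the expected minimum version (the article gives no build numbers, so none is hard-coded here).

```powershell
# Added example (not from the article or the quoted researchers).
# Assumptions: elevated PowerShell on a UEFI system; S: is an unused drive
# letter; $ExpectedMinVersion is taken by the operator from the release notes
# of the cumulative update the machine is supposed to carry.
param(
    [string]$MountLetter = 'S:',
    [string]$ExpectedMinVersion = ''
)

# 1. Secure Boot state as reported by the firmware (SecureBoot module cmdlet).
try {
    $secureBoot = Confirm-SecureBootUEFI
} catch {
    $secureBoot = $null   # legacy BIOS or platform without the cmdlet
}
"Secure Boot enabled: $secureBoot"

# 2. Mount the EFI System Partition and read the boot manager's version resource.
#    A downgraded boot manager shows up here even when 'winver' and the update
#    history look fully patched.
mountvol $MountLetter /S | Out-Null
try {
    $bootmgr = Get-Item "$MountLetter\EFI\Microsoft\Boot\bootmgfw.efi"
    # FileVersion looks like "10.0.22621.2506 (WinBuild.160101.0800)"; keep the numeric part.
    $ver = [version]$bootmgr.VersionInfo.FileVersion.Split(' ')[0]
    "bootmgfw.efi file version: $ver (last modified $($bootmgr.LastWriteTime))"

    if ($ExpectedMinVersion) {
        if ($ver -lt [version]$ExpectedMinVersion) {
            Write-Warning "Boot manager $ver is older than expected $ExpectedMinVersion - possible downgrade"
        } else {
            "Boot manager is at or above the expected version"
        }
    }
} finally {
    mountvol $MountLetter /D | Out-Null   # always unmount the ESP
}
```

Run it as `.\Check-BootManager.ps1 -ExpectedMinVersion 10.0.xxxxx.yyyy` with the version taken from the patched image; without the parameter it only reports. Note that a match on this check says nothing about the Secure Boot revocation lists (DBX or the SKUSiPolicy) also being current, which is a separate verification.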