New research from SafeBreach shows that Driver Signature Enforcement (DSE) can be bypassed on fully updated Windows systems by downgrading a single kernel component. The technique turns an operating system (OS) downgrade attack into a way to load unsigned kernel drivers and install custom rootkits. According to SafeBreach researcher Alon Leviev, this is a serious threat because kernel-level code can disable security controls, conceal processes and network activity, and persist stealthily.
The findings build on prior research that identified two privilege escalation flaws in the Windows Update process, tracked as CVE-2024-21302 and CVE-2024-38202. These vulnerabilities allow an attacker to roll back a fully patched Windows installation to an earlier version that still contains fixed security flaws. The attack is carried out with a tool called "Windows Downdate," which hijacks the Windows Update process to downgrade core OS components; the researchers describe the downgrades as undetectable (Windows Update continues to report the system as fully patched) and irreversible.
Attack Methodology and Its Implications for Windows Kernel Security
This attack is a more attractive alternative to Bring Your Own Vulnerable Driver (BYOVD) attacks: instead of depending on a vulnerable third-party driver, it downgrades first-party, Microsoft-signed modules, including the OS kernel itself. Microsoft addressed CVE-2024-21302 and CVE-2024-38202 in its Patch Tuesday updates of August 13 and October 8, 2024, respectively.
Leviev's new approach uses the downgrade tool to revert the patch for the "ItsNotASecurityBoundary" DSE bypass on fully updated Windows 11 systems. That bug was first described by Elastic Security Labs researcher Gabriel Landau in July 2024 as part of a new class of bugs dubbed False File Immutability. It is a race condition: a security catalog file that the kernel has already verified can be swapped for a malicious catalog carrying an Authenticode signature for an unsigned kernel driver, after which the attacker asks the kernel to load that driver.
Windows' code integrity component, the kernel-mode library ci.dll that authenticates files, accepts the rogue catalog's signature, and the attacker gains arbitrary code execution in the kernel. The DSE bypass therefore reduces to using the downgrade tool to revert ci.dll to an unpatched build (10.0.22621.1376), which undoes Microsoft's fix.
Recommendations for Mitigation
One existing protection can block this bypass, but only if Virtualization-Based Security (VBS) is enabled on the target. When VBS is running, catalog scanning is performed by the Secure Kernel Code Integrity library (skci.dll) rather than by ci.dll, so downgrading ci.dll alone does not help the attacker. Many systems, however, run VBS without a Unified Extensible Firmware Interface (UEFI) lock, which lets an attacker turn it off by changing registry values. Even with the UEFI lock set, an attacker can still defeat VBS by replacing one of its core files with a corrupted version: VBS then fails to start and, unless the Mandatory flag is set, the OS boots without it.
To carry out the full attack, an attacker disables VBS (through the registry, or by invalidating a VBS core file where the UEFI lock is set), downgrades ci.dll to the vulnerable build, reboots, and then uses the ItsNotASecurityBoundary bypass to execute code in the kernel. The attack fails only when VBS is enabled with both the UEFI lock and the "Mandatory" flag, which makes the OS loader refuse to boot if any virtualization module fails to start.
The mitigation is therefore to enable VBS with both the UEFI lock and the Mandatory flag. In any other configuration an adversary can disable the protection, downgrade the DLL, and bypass DSE. Leviev stresses that security products should detect and block downgrade procedures even for components that are not considered to cross a defined security boundary, since Windows Update itself will not report the rollback.
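The following PowerShell script is an added example written for this article, not code from SafeBreach, Elastic or Microsoft. It audits a single host for the three conditions the article says decide whether the downgrade path is open (VBS running, UEFI lock set, Mandatory flag set) and compares the installed ci.dll against the vulnerable build the article names, so a rollback is caught by looking at the file rather than trusting Windows Update's "fully patched" status. The DeviceGuard registry value names (EnableVirtualizationBasedSecurity, Locked, Mandatory) and the meaning of the Win32_DeviceGuard status codes are taken from Microsoft's VBS documentation as recalled here and should be verified against the current docs before use; the version floor is an assumption to adjust to your fleet's expected patch level.

```powershell
# Added audit example (editor's own code, not from the page's sources).
# Run from an elevated PowerShell session on the host being checked.
#
# Assumptions to verify against current Microsoft documentation:
#  - DeviceGuard registry values: EnableVirtualizationBasedSecurity, Locked (UEFI lock), Mandatory
#  - Win32_DeviceGuard.VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running

$DeviceGuardKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'

# Build the article names as the vulnerable ci.dll. Anything at or below it is
# flagged; raise this floor to the build your fleet's patch level should carry.
$VulnerableCiVersion = [version]'10.0.22621.1376'

function Get-DgValue {
    param([string]$Name)
    # A missing value means "not configured", which for Locked/Mandatory means off.
    $props = Get-ItemProperty -Path $DeviceGuardKey -ErrorAction SilentlyContinue
    if ($null -ne $props -and $null -ne $props.$Name) { [int]$props.$Name } else { 0 }
}

function Get-CiFileVersion {
    # FileVersion is a free-form string on Windows binaries (e.g. "10.0.22621.1376 (WinBuild...)"),
    # so assemble a [version] from the numeric parts instead of parsing the string.
    $vi = (Get-Item (Join-Path $env:SystemRoot 'System32\ci.dll')).VersionInfo
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Test-DowngradeExposure {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $vbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $uefiLock   = (Get-DgValue 'Locked') -eq 1
    $mandatory  = (Get-DgValue 'Mandatory') -eq 1
    $ciVersion  = Get-CiFileVersion

    $findings = @()
    if (-not $vbsRunning) {
        $findings += 'VBS not running: catalogs are verified by ci.dll, so a ci.dll downgrade re-enables the DSE bypass.'
    }
    if ($vbsRunning -and -not $uefiLock) {
        $findings += 'VBS has no UEFI lock: it can be switched off from the registry before the downgrade.'
    }
    if ($vbsRunning -and $uefiLock -and -not $mandatory) {
        $findings += 'Mandatory flag not set: corrupting a VBS core file makes VBS fail and the OS still boots.'
    }
    if ($ciVersion -le $VulnerableCiVersion) {
        $findings += "ci.dll is $ciVersion, at or below known-vulnerable build $VulnerableCiVersion; treat as a possible downgrade."
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        VbsRunning   = $vbsRunning
        UefiLock     = $uefiLock
        Mandatory    = $mandatory
        CiVersion    = $ciVersion.ToString()
        Hardened     = ($vbsRunning -and $uefiLock -and $mandatory -and ($ciVersion -gt $VulnerableCiVersion))
        Findings     = $findings
    }
}

Test-DowngradeExposure | Format-List

# Remediation the article points to (both values, then reboot). Mandatory makes the
# loader refuse to boot if VBS cannot start, so test on pilot hardware first:
#   reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v Locked    /t REG_DWORD /d 1 /f
#   reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v Mandatory /t REG_DWORD /d 1 /f
```

The version check is a heuristic for exposure, not proof of compromise: a host legitimately behind on patches will also trip it. Its value is that it reads the binary on disk, which is exactly what a Windows Downdate rollback changes while the update status it reports stays green. The same pattern extends to other components the article mentions, skci.dll and the secure kernel among them, by adding their paths and the floors appropriate to your baseline.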