Patch Tuesday Updates and Windows Security Vulnerability Mitigation Guidance

Microsoft released Patch Tuesday updates for Windows 10 (KB5041580, KB5041578, KB5041773, and KB5041782) and Windows 11 versions (KB5041585 and KB5041592), as well as for Windows 24H2 (KB5041571). The company also confirmed the retirement of troublesome WinRE updates and replaced them with new ones.

Microsoft published mitigation guidance for a recent security vulnerability that allows an attacker to quietly downgrade the system to an older vulnerable state. The issue is tracked under IDs “CVE-2024-21302” and “CVE-2024-38202.” The vulnerability, named “Windows Downdate,” lets an attacker replace current Windows system files with outdated versions.

Microsoft writes that the vulnerability enables an attacker with administrator privileges to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS. A security update is being developed to revoke outdated, unpatched VBS system files, but it’s not yet available due to testing requirements.

For most modern versions of Windows 10, Windows 11, and Windows Server with VBS enabled, administrators can deploy a Microsoft-signed revocation policy (SkuSiPolicy.p7b) that blocks the vulnerable versions of the VBS system files. Home users can wait for an automatic fix, which is expected to arrive later via Windows Update or another channel.
Source: https://www.neowin.net/news/microsoft-posts-guidance-for-cve-2024-21302-vbs-flaw-that-downgrades-modern-windows-pcs/
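Before deploying the revocation policy, an administrator usually wants to know which hosts actually run VBS (and are therefore in scope) and which of them already carry the SkuSiPolicy.p7b file. The PowerShell script below is an added example, not code from the Neowin article or from Microsoft's guidance; it reads the real Win32_DeviceGuard CIM class and checks for the policy file. The CodeIntegrity folder as the policy location and the function name Get-VbsDowndateStatus are assumptions.

```powershell
# Added example (not from the article or from Microsoft's guidance).
# Reports whether virtualization-based security is running on this host
# and whether the SkuSiPolicy.p7b revocation policy file is present.
# Assumption: the policy lives under %windir%\System32\CodeIntegrity.

function Get-VbsDowndateStatus {
    # Win32_DeviceGuard exposes the VBS state on Windows 10/11/Server.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running
    $vbsState = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'NotEnabled' }
        1       { 'EnabledNotRunning' }
        2       { 'Running' }
        default { 'Unknown' }
    }

    # Assumed location of the Microsoft-signed revocation policy.
    $policyPath    = Join-Path $env:windir 'System32\CodeIntegrity\SkuSiPolicy.p7b'
    $policyPresent = Test-Path -LiteralPath $policyPath

    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        VbsStatus               = $vbsState
        # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI (list of codes)
        SecurityServicesRunning = ($dg.SecurityServicesRunning -join ',')
        RevocationPolicyPath    = $policyPath
        RevocationPolicyPresent = $policyPresent
        # Hosts that run VBS but have no policy file are the ones still exposed.
        NeedsAttention          = ($vbsState -eq 'Running' -and -not $policyPresent)
    }
}

Get-VbsDowndateStatus | Format-List
```

Run it elevated on each host (or through your existing remoting tooling) and collect the `NeedsAttention` column. Note that the presence of the file only shows that the policy has been copied into place; whether it is actually enforced depends on the remaining steps in Microsoft's guidance, so treat this check as an inventory aid rather than proof that the mitigation is active.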