
Alon Leviev: Downgrade Attacks Using Windows Updates (PDF)

Uploader: 张** | ID: 175507 | 2024-09-13 | 87 pages | 1.98 MB

Windows Downdate: Downgrade Attacks Using Windows Updates
Alon Leviev, Security Researcher, SafeBreach

About the speaker:
- 22 years old
- Self-taught
- OS internals, reverse engineering and vulnerability research
- Former BJJ world and European champion
- Creator of the PoolParty process injection techniques

Agenda:
- Research Background
- Downgrade Attacks Using Windows Updates
- Virtualization-Based Security Vulnerabilities
- Windows Update Restoration Vulnerability
- Closing Remarks

Research Background (WINDOWS DOWNDATE)

What are Downgrade Attacks?
An attacker downgrades immune software to vulnerable software (immune software -> vulnerable software).

Downgrade Attacks In-The-Wild: BlackLotus UEFI Bootkit
- The BlackLotus UEFI bootkit employed a downgrade attack to bypass Secure Boot
- The Secure Boot bypass worked on fully updated Windows 11 machines
- Caused a massive panic in the cyber security industry

Secure Boot In a Nutshell
UEFI Firmware -> UEFI Boot Manager -> Windows Boot Manager -> Windows Boot Loader -> Windows Kernel
Each component in the boot chain must be digitally signed; each hand-off in the chain is verified.

BlackLotus Secure Boot Bypass
BlackLotus downgraded the Windows Boot Manager to a signed but vulnerable version of it. (Same boot chain as above, with a verification at each hand-off.)

Microsoft's Mitigation Against Secure Boot Downgrades
Microsoft's mitigation included adding signed but vulnerable boot managers to revocation lists. Revoked boot managers are not allowed. (Same boot chain as above, with a Revocation List consulted during verification.)

Research Motivation
Are there any components affected by downgrade attacks other than Secure Boot?

Research Goals
- Evaluate the state of downgrade attacks on Windows
- Find if any other critical components have been overlooked

Downgrade Vision
Bring Your Own Vulnerab

This document presents three findings by the researchers on Windows system security, together with the concerns and recommendations that follow from them. First, the researchers found multiple security vulnerabilities in the Windows Update process that can be exploited to carry out system downgrade attacks, leaving the system running older, potentially vulnerable code. Second, they point out a design problem in Virtualization-Based Security (VBS): an attacker may bypass its protections by downgrading VBS components. Finally, they found that the Windows Update restoration feature is also vulnerable, allowing an attacker to tamper with the Windows.old files used for system recovery.

Key data points include the number of vulnerabilities the researchers found, for example CVE-2022-34709 and CVE-2021-27090, and the Windows versions these vulnerabilities may affect. The document also covers the VBS remote-disable protection mechanism and data related to the Windows Update restoration vulnerability.

Based on these findings, the researchers recommend that Microsoft strengthen the security of system components, improve the implementation of its virtualization technology, and tighten oversight of the Windows Update restoration mechanism. They also stress that the attack surface should be taken into account at design time and that existing security measures should be thoroughly reviewed.