A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks.
"This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach researcher Alon Leviev said in a report shared with The Hacker News.
The latest findings build on an earlier analysis that uncovered two privilege escalation flaws in the Windows update process (CVE-2024-21302 and CVE-2024-38202) that could be weaponized to rollback an up-to-date Windows software to an older version containing unpatched security vulnerabilities.
The exploit materialized in the form of a tool dubbed Windows Downdate, which, per Leviev, could be used to hijack the Windows Update process to craft fully undetectable, persistent, and irreversible downgrades on critical OS components.
This can have severe ramifications, as it offers attackers a better alternative to Bring Your Own Vulnerable Driver (BYOVD) attacks, permitting them to downgrade first-party modules, including the OS kernel itself.
Microsoft subsequently addressed CVE-2024-21302 and CVE-2024-38202 on August 13 and October 8, 2024, respectively, as part of Patch Tuesday updates.
The latest approach devised by Leviev leverages the downgrade tool to downgrade the "ItsNotASecurityBoundary" DSE bypass patch on a fully updated Windows 11 system.
ItsNotASecurityBoundary was first documented by Elastic Security Labs researcher Gabriel Landau in July 2024 alongside PPLFault, describing them as a new bug class codenamed False File Immutability. Microsoft remediated it earlier this May.
In a nutshell, it exploits a race condition to replace a verified security catalog file with a malicious version containing authenticode signature for an unsigned kernel driver, following which the attacker prompts the kernel to load the driver.
Microsoft's code integrity mechanism, which is used to authenticate a file using the kernel mode library ci.dll, then parses the rogue security catalog to validate the signature of the driver and load it, effectively granting the attacker the ability to execute arbitrary code in the kernel.
The DSE bypass is achieved by making use of the downgrade tool to replace the "ci.dll" library with an older version (10.0.22621.1376.) to undo the patch put in place by Microsoft.
That having said, there is a security barrier that can prevent such a bypass from being successful. If Virtualization-Based Security (VBS) is running on the targeted host, the catalog scanning is carried out by the Secure Kernel Code Integrity DLL (skci.dll), as opposed to ci.dll.
However, It's worth noting that the default configuration is VBS without a Unified Extensible Firmware Interface (UEFI) Lock. As a result, an attacker could turn it off by tampering with the EnableVirtualizationBasedSecurity and RequirePlatformSecurityFeatures registry keys.
Even in cases where UEFI lock is enabled, the attacker could disable VBS by replacing one of the core files with an invalid counterpart. Ultimately, the exploitation steps an attacker needs to follow are below -
- Turning off VBS in the Windows Registry, or invalidating SecureKernel.exe
- Downgrading ci.dll to the unpatched version
- Restarting the machine
- Exploiting ItsNotASecurityBoundary DSE bypass to achieve kernel-level code execution
The only instance where it fails is when VBS is turned on with a UEFI lock and a "Mandatory" flag, the last of which causes boot failure when VBS files are corrupted. The Mandatory mode is enabled manually by means of a registry change.
"The Mandatory setting prevents the OS loader from continuing to boot in case the Hypervisor, Secure Kernel or one of their dependent modules fails to load," Microsoft notes in its documentation. "Special care should be used before enabling this mode, since, in case of any failure of the virtualization modules, the system will refuse to boot."
Thus, in order to fully mitigate the attack, it's essential that VBS is enabled with UEFI lock and the Mandatory flag set. In any other mode, it makes it possible for an adversary to turn the security feature off, perform the DDL downgrade, and achieve a DSE bypass.
"The main takeaway [...] is that security solutions should try to detect and prevent downgrade procedures even for components that do not cross defined security boundaries," Leviev told The Hacker News.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.