A new attack technique can be used to bypass Microsoft Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks.
“This bypass allows the loading of unsigned kernel drivers, allowing attackers to deploy custom rootkits that can override security controls, hide processes and network activity, maintain stealth, and more,” SafeBreach researcher Alon Leviev said in a report shared with The Hacker News.
The findings build on an earlier analysis that uncovered two elevation-of-privilege flaws in the Windows update process (CVE-2024-21302 and CVE-2024-38202), which can be used to roll back an up-to-date Windows installation to an older version containing unpatched security vulnerabilities.
The exploit took the form of a tool called Windows Downdate, which Leviev said could be used to hijack the Windows Update process and craft completely invisible, persistent and irreversible downgrades of critical OS components.
This has serious consequences, as it offers attackers a more capable alternative to “Bring Your Own Vulnerable Driver” (BYOVD) attacks: it allows them to downgrade first-party core modules, including the OS kernel itself.
Microsoft later addressed CVE-2024-21302 and CVE-2024-38202 on August 13 and October 8, 2024, respectively, as part of Update Tuesday.
The latest approach developed by Leviev uses the downgrade tool to revert the patch for the “ItsNotASecurityBoundary” DSE bypass on a fully updated Windows 11 system.
ItsNotASecurityBoundary was first documented by Elastic Security Labs researcher Gabriel Landau in July 2024 alongside PPLFault, describing them as a new class of flaws codenamed False File Immutability. Microsoft fixed it earlier in May.
In a nutshell, it exploits a race condition to replace a verified security catalog file with a malicious version containing an Authenticode signature for an unsigned kernel driver, after which the attacker prompts the kernel to load the driver.
Microsoft’s code integrity mechanism, which authenticates files using the kernel-mode library ci.dll, then parses the rogue security catalog to verify the driver’s signature and loads it, effectively giving the attacker the ability to execute arbitrary code in the kernel.
The DSE bypass is achieved by using the downgrade tool to replace the “ci.dll” library with an older version (10.0.22621.1376), thereby undoing the patch installed by Microsoft.
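A downgrade of this kind leaves the old binary on disk even though the update history claims the system is current, so the file itself is the thing to check. The following PowerShell audit is an added example, not code from the article or from SafeBreach’s tooling: it compares the on-disk version of ci.dll against a baseline recorded from a known-good host and checks its Authenticode signature. The only version on the page is the pre-patch 10.0.22621.1376; the baseline default below is a placeholder the administrator must replace with the version observed on a fully patched machine of the same build.

```powershell
# Added example (not from the article or any vendor tool): detect a rolled-back ci.dll.
# Run elevated on the host to be audited. Results from a host that is already
# kernel-compromised are not trustworthy; compare against offline or EDR-collected data too.

param(
    # Baseline from a known-good, fully patched host of the same OS build.
    # PLACEHOLDER: 10.0.22621.9999 is not a real Microsoft version; record your own.
    [version]$ExpectedVersion = [version]'10.0.22621.9999'
)

# Pre-patch version named in the article; anything at or below it on this branch is suspect.
$KnownVulnerable = [version]'10.0.22621.1376'
$CiPath = Join-Path $env:SystemRoot 'System32\ci.dll'

function Get-CiDllStatus {
    param([string]$FilePath, [version]$Expected, [version]$Vulnerable)

    $info = (Get-Item -LiteralPath $FilePath).VersionInfo
    # Build a System.Version from the numeric parts rather than parsing the free-form string.
    $onDisk = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                             $info.FileBuildPart, $info.FilePrivatePart)
    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath

    [pscustomobject]@{
        Path            = $FilePath
        OnDiskVersion   = $onDisk
        ExpectedVersion = $Expected
        SignatureStatus = $sig.Status                      # 'Valid' is expected
        Signer          = $sig.SignerCertificate.Subject
        # Older than the recorded baseline: the component has gone backwards.
        Downgraded      = ($onDisk -lt $Expected)
        # Same branch (major/build) and at or below the version cited as unpatched.
        KnownVulnerable = ($onDisk.Major -eq $Vulnerable.Major -and
                           $onDisk.Build -eq $Vulnerable.Build -and
                           $onDisk -le $Vulnerable)
    }
}

$status = Get-CiDllStatus -FilePath $CiPath -Expected $ExpectedVersion -Vulnerable $KnownVulnerable
$status | Format-List

if ($status.Downgraded -or $status.KnownVulnerable -or $status.SignatureStatus -ne 'Valid') {
    Write-Warning 'ci.dll is older than the baseline or not validly signed; investigate a possible downgrade.'
    exit 1
}
```

Note that the downgraded ci.dll is still a genuine, Microsoft-signed binary, so the signature check alone will pass; the version comparison is what catches the rollback, which is why the baseline must come from a trusted reference host rather than from the audited machine’s own update history.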
There is, however, a security barrier that can prevent such a bypass from succeeding. If Virtualization-Based Security (VBS) is running on the target host, catalog scanning is performed by the Secure Kernel Code Integrity DLL (skci.dll) instead of ci.dll.
However, it should be noted that the default configuration is VBS enabled without a Unified Extensible Firmware Interface (UEFI) lock. As a result, an attacker can disable it by tampering with the EnableVirtualizationBasedSecurity and RequirePlatformSecurityFeatures registry keys.
Even in cases where the UEFI lock is enabled, an attacker can disable VBS by replacing one of its core files with an invalid counterpart. Ultimately, the exploitation steps an attacker needs to follow are as follows –
- Disable VBS in the Windows registry, or invalidate SecureKernel.exe
- Downgrade ci.dll to an unpatched version
- Restart the machine
- Use ItsNotASecurityBoundary to bypass DSE and achieve kernel-level code execution
The only case where it doesn’t work is when VBS is enabled with a UEFI lock and the “Mandatory” flag, the latter of which causes the boot to fail if the VBS files are corrupted. Mandatory mode is enabled manually by modifying the registry.
“The mandatory option prevents the OS from continuing to boot if the hypervisor, secure kernel, or one of their dependent modules fails to load,” Microsoft notes in its documentation. “Extreme care should be taken before enabling this mode, as the system will refuse to boot if the virtualization modules fail.”
Therefore, to fully mitigate the attack, it is essential that VBS is enabled with the UEFI lock and the Mandatory flag. In any other mode, an adversary can disable the security feature, perform the DLL downgrade, and achieve a DSE bypass.
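The mitigation has three parts that must all hold at once, and the registry intent and the runtime state can disagree (for example, VBS configured but not actually running after a tampered SecureKernel.exe). The PowerShell audit below is an added example, not code from the article: it reads the DeviceGuard registry key and the Win32_DeviceGuard WMI class and reports whether the host is in the one configuration the article says resists the bypass. The value names EnableVirtualizationBasedSecurity and RequirePlatformSecurityFeatures come from the article; “Locked” (the UEFI lock) and “Mandatory” are assumed here to be the value names Microsoft documents under the same key.

```powershell
# Added example (not from the article): audit VBS posture against the article's
# mitigation - VBS running, UEFI-locked, and in Mandatory mode. Run elevated.

$DgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'

function Get-DwordValue {
    # Returns the DWORD at $Key\$Name, or $null when the key or value is absent.
    param([string]$Key, [string]$Name)
    try { (Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-VbsPosture {
    # Configured intent, as written to the registry.
    $enabled   = Get-DwordValue $DgKey 'EnableVirtualizationBasedSecurity'   # named in the article
    $platform  = Get-DwordValue $DgKey 'RequirePlatformSecurityFeatures'     # named in the article
    $locked    = Get-DwordValue $DgKey 'Locked'      # assumption: documented UEFI-lock value name
    $mandatory = Get-DwordValue $DgKey 'Mandatory'   # assumption: documented Mandatory-mode value name

    # Runtime state, independent of what the registry says.
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning contains 2 when HVCI (hypervisor-enforced code integrity) is active.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    $posture = [pscustomobject]@{
        ConfiguredEnabled = ($enabled -eq 1)
        PlatformFeatures  = $platform            # 1 = Secure Boot, 3 = Secure Boot + DMA protection
        UefiLocked        = ($locked -eq 1)
        Mandatory         = ($mandatory -eq 1)
        VbsRunning        = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        HvciRunning       = ($dg.SecurityServicesRunning -contains 2)
    }

    # The article's conclusion: anything short of running + UEFI lock + Mandatory leaves a
    # path to switch VBS off (registry edit or corrupted VBS file) and downgrade ci.dll.
    $posture | Add-Member -NotePropertyName 'ResistsDowngradeBypass' -NotePropertyValue (
        $posture.VbsRunning -and $posture.UefiLocked -and $posture.Mandatory)

    # A mismatch between intent and runtime is itself worth investigating.
    $posture | Add-Member -NotePropertyName 'ConfiguredButNotRunning' -NotePropertyValue (
        $posture.ConfiguredEnabled -and -not $posture.VbsRunning)

    $posture
}

$p = Get-VbsPosture
$p | Format-List

if ($p.ConfiguredButNotRunning) {
    Write-Warning 'VBS is configured but not running; check SecureKernel.exe and boot-time VBS failures.'
}
if (-not $p.ResistsDowngradeBypass) {
    Write-Warning 'VBS is not running with UEFI lock and Mandatory mode; the DSE downgrade bypass remains possible.'
    exit 1
}
```

The ConfiguredButNotRunning flag is the detection angle for the second disabling route the article describes: a host whose registry still says VBS is on but whose Secure Kernel never came up is exactly what an invalidated SecureKernel.exe looks like from the inside, and on a non-Mandatory system the boot succeeds anyway, so nothing else will complain.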
“The main takeaway (…) is that security solutions should try to detect and prevent downgrades even for components that don’t cross defined security boundaries,” Leviev told The Hacker News.