Global Incident: Hackers Out-Patch Windows Updates

Hackers have figured out a way to trick even the most up-to-date Windows machines into acting like they're living in the past. By hijacking the Windows Update process, they’re able to install outdated, vulnerable components on a machine that thinks it’s fully patched, leaving your PC vulnerable to sinister attacks. Once inside, there are a number of techniques they use to cause chaos on your machine.
Devious Downgrades: Hackers have found a way to downgrade the Windows kernel (the core of the OS) to an older, less secure state by swapping out the updated ci.dll file, which verifies driver signatures, for an older version. This effectively bypasses the need for signatures, meaning malware can take over with few obstacles.
Time Travel Trickery: Tools like Windows Downdate can be used to load outdated components that have since been patched, effectively re-opening old vulnerabilities, leaving your "healthy" PC exposed to malicious software.
The Kernel and VBS Bypass: It's an ongoing struggle for office workers who want to make the simplest changes to their PCs but are blocked by Administrator Privileges. Frustrating for the user, but when hackers gain access they can manipulate system files and registry keys to disrupt Virtualisation-Based Security (VBS) - Windows’ security safe room. This lets attackers get through with shady DLLs and wreak havoc on your PC's fundamental security systems.
Microsoft has acknowledged the risks of these kinds of attacks but is yet to patch the vulnerability, to avoid “cross[ing] a security boundary”. While they work on a fix, be wary of that “fully patched” label.
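One way to look past the "fully patched" label is to track the on-disk version of ci.dll itself and alert when it ever goes backwards. The PowerShell below is an added example, not code from this article or from Microsoft; the baseline location and the second watched file are assumptions.

```powershell
# Added example: flag version rollbacks of security-critical system files.
$BaselinePath = 'C:\ProgramData\DowngradeWatch\baseline.json'   # hypothetical location
$Watched = @(
    "$env:SystemRoot\System32\ci.dll"         # the file named in the article
    "$env:SystemRoot\System32\ntoskrnl.exe"   # assumption: kernel image tracked too
)

function Get-FileVersionRecord {
    param([string]$Path)
    # Read the version from the file on disk, not from Windows Update status.
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    [pscustomobject]@{
        Path    = $Path
        Version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                       $vi.FileBuildPart, $vi.FilePrivatePart
        Sha256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

function Compare-VersionRecord {
    param($Baseline, $Current)
    # Emit one finding per file whose version is lower than the recorded one.
    foreach ($cur in $Current) {
        $old = $Baseline | Where-Object Path -eq $cur.Path
        if (-not $old) { continue }            # file not seen before: nothing to compare
        if ([version]$cur.Version -lt [version]$old.Version) {
            [pscustomobject]@{
                Path = $cur.Path; Was = $old.Version; Now = $cur.Version
                Finding = 'VersionRollback'
            }
        }
    }
}

$current = @($Watched | Where-Object { Test-Path -LiteralPath $_ } |
             ForEach-Object { Get-FileVersionRecord $_ })

if (Test-Path -LiteralPath $BaselinePath) {
    $baseline = Get-Content -LiteralPath $BaselinePath -Raw | ConvertFrom-Json
    $findings = @(Compare-VersionRecord -Baseline $baseline -Current $current)
    if ($findings.Count -gt 0) {
        $findings | Format-Table -AutoSize
        exit 1                                 # keep the old baseline as evidence
    }
}

# No rollback seen: ratchet the baseline forward to the versions now on disk.
New-Item -ItemType Directory -Force -Path (Split-Path $BaselinePath) | Out-Null
ConvertTo-Json -InputObject $current | Set-Content -LiteralPath $BaselinePath
```

Run it on a schedule from an elevated account and keep a copy of the baseline off the machine, since an attacker with administrator rights could edit a local file. A deliberate update uninstall will also raise a finding, so treat each hit as something to investigate.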
If you want an IT team who is up to date with the latest cyber security concerns, and uses pre-emptive and proactive measures to keep your IT in good health, choose CDS for minimal risk, minimal stress, and guaranteed IT success.