Beware: Windows Update now a hacker’s trojan horse

Tech Read Team

“When it comes to impact, downgrade attacks can have serious repercussions for organizations that rely heavily on Windows environments,” warned Chauhan. “These attacks can undo security patches, leaving systems vulnerable to previously addressed vulnerabilities, thus increasing the risk of data breaches, unauthorized access, and exposure of sensitive information.”

“Furthermore, such attacks have the potential to disrupt operations by compromising critical infrastructure, resulting in downtime and financial implications. Sectors with strict regulatory requirements, such as financial services, healthcare, and the public sector, are at a higher risk. A successful downgrade attack in these industries could lead to regulatory fines and significant harm to an organization’s reputation and customer confidence.”

Leviev drew inspiration for this method from the 2023 BlackLotus UEFI bootkit, which demonstrated the severity of such attacks by downgrading the Windows boot manager to exploit CVE-2022-21894, bypassing Secure Boot and disabling other OS security measures. “The malware was able to persist even on fully updated Windows 11 systems, causing concern within the cybersecurity community,” Leviev explained.
