Your victim's Windows PC fully patched? Just force undo its updates and exploit away

Techniques to forcibly remove security patches from Windows machines so that fixed vulnerabilities are exploitable again were demonstrated this week. These methods are a handy means for rogue users, intruders, and malware that already have a presence on a victim's computer to remove updates supplied by Microsoft so that old …

  1. Sora2566 Silver badge

    Great. Now Microsoft has to develop updates that people can undo but malware can't - and I'll bet that they'll come down firmly on the side of making them hard for malware to undo over making them easy for people to undo.

  2. Khaptain Silver badge

    Full admin access

    I know that the article mentioned it but with full admin access you can do whatever you please, except for uninstalling CrowdStrike.

    In the next article we could have "what would happen if the bank left its front door and vault open at night in the middle of New York"

    1. diodesign (Written by Reg staff) Silver badge

      Re: Full admin access

      Yeah, yeah. We know, that's why our article is upfront about it. We were on the fence about the research and decided in the end to cover this because other outlets, including the Washington Post, were writing about this without mentioning the admin aspect at all.

      The PR team for the vendor told us, when we asked, that admin rights are needed or you need a priv'd user to intervene. But Microsoft think it's important enough to warrant a fix and there is an EoP aspect to it.

      We're not telling you to panic. We're telling you how it is. Give us some credit!

      C.

      1. Khaptain Silver badge

        Re: Full admin access

        Don't worry, I understood the general drift..

        And yes I will give credit for the "plus it reveals more about the inner workings of Windows".

        1. diodesign (Written by Reg staff) Silver badge

          Re: Re: Full admin access

          Thanks, friend. If it feels like tech media's lost its mind sometimes, we feel the same way reading other reports.

          C.

    2. Michael Wojcik Silver badge

      Re: Full admin access

      Perhaps you missed the part about downgrading the hypervisor?

  3. druck Silver badge
    Joke

    I have nightmares about this sort of exploit...

    ...that they make a version for Linux that downgrades me to Windows.

    But luckily I wake up at that point.

  4. mpi

    "It appears you must already have administrative access...

    , or be able to make a privileged account complete some steps"

    Ah, so I need to have full control of the system, in order to undo security updates to get full control of the system that I already have full control over so I can have full control over my full control.

    Got it.
