Skip to content

T1562.010 Downgrade Attack

Adversaries may downgrade or use a version of system features that may be outdated, vulnerable, and/or does not support updated security controls such as logging. For example, PowerShell versions 5+ includes Script Block Logging (SBL) which can record executed script content. However, adversaries may attempt to execute a previous version of PowerShell that does not support SBL with the intent to Impair Defenses while running malicious scripts that may have otherwise been detected.142

Adversaries may downgrade and use less-secure versions of various features of a system, such as Command and Scripting Interpreters or even network protocols that can be abused to enable Adversary-in-the-Middle.5

Item Value
ID T1562.010
Sub-techniques T1562.001, T1562.002, T1562.003, T1562.004, T1562.006, T1562.007, T1562.008, T1562.009, T1562.010, T1562.011
Tactics TA0005
Platforms Linux, Windows, macOS
Version 1.1
Created 08 October 2021
Last Modified 19 May 2022


ID Mitigation Description
M1042 Disable or Remove Feature or Program Consider removing previous versions of tools that are unnecessary to the environment when possible.


ID Data Source Data Component
DS0017 Command Command Execution
DS0009 Process Process Creation