Windows Downdate: The Tool Making “Fully Patched” Windows a Joke
Cybersecurity researcher Alon Leviev has discovered a version-rollback vulnerability that exploits Windows Update to downgrade fully patched Windows machines. His tool, Windows Downdate, makes the term “fully patched” meaningless. Leviev unveiled his findings at Black Hat USA 2024 and DEF CON 32, exposing critical security flaws and virtualization-based security bypasses.

Hot Take:
Move over, Windows Update! Alon Leviev just made you the new “Oops, I did it again” of the cybersecurity world. With a tool named “Windows Downdate,” he’s turned “fully patched” into an inside joke among hackers. Windows just got a serious throwback — and we don’t mean the good kind.

Key Points:
- Alon Leviev discovered a version-rollback vulnerability in Windows and presented his findings at Black Hat USA 2024 and DEF CON 32.
- The tool, named “Windows Downdate,” can downgrade a fully patched Windows machine to an older version, making it vulnerable to previously patched zero-days.
- The exploit affects critical OS components like DLLs, drivers, and the NT kernel, making recovery and scanning tools ineffective.
- Leviev also found that the Windows virtualization stack and security features such as Credential Guard and Hypervisor-Protected Code Integrity could be disabled.
- He suggested several measures to make operating systems less vulnerable to downgrade attacks, including re-evaluating old design features and researching in-the-wild attacks.