Get all your news in one place.

100’s of premium titles.
One app.

Get all your news in one place.

100’s of premium titles. One news app.

TechRadar

Benedict Collins

This cyberattack downgrades your version of Windows to one unprotected against attacks

Windows Microsoft

Microsoft Security - Editorial Only.

A version-rollback vulnerability has been discovered by a cybersecurity researcher that allows a fully patched Windows machine to be downgraded to older version, allowing the exploitation of previously patched zero-days and vulnerabilities.

Alon Leviev unveiled his findings at Black Hat USA 2024 and DEF CON 32 (2024) as a tool named Windows Downdate.

Leviev says the tool can be used to make “the term “fully patched” meaningless on any Windows machine in the world.”

Windows Downdate

Leviev started their journey with the aim of discovering a version-rollback exploit using Windows Update as a starting point. It turned out Windows Update had a significant flaw that allowed for a full takeover of the update process, including downgrading Windows versions.

By also exploiting access to critical OS components, including dynamic link libraries (DLLs), drivers, and NT kernel, Leviev was able to have the Windows machine report it was fully updated and unable to download any updates without having recovery and scanning tools detect anything out of the ordinary.

Leviev then also discovered the virtualization stack could be tampered with as well, allowing a number of previously secure applications to be exposed to previously patched privilege escalation vulnerabilities, with Credential Guard’s Isolated User Mode Process, Secure Kernel, and Hyper-V’s hypervisor all being suceptible.

Finally, Windows virtualization-based security was also disabled even when secured by UEFI locks. This allowed Leviev to also disable security features such as Credential Guard and Hypervisor-Protected Code integrity. According to Leviev’s knowledge, “this is the first time VBS’s UEFI locks have been bypassed without physical access.”

Leviev offers a number of suggestions to make operating systems less vulnerable to downgrade attacks, including:

Researching and implementing security measures that check for and prevent the downgrade of critical OS components.
Reviewing all design features as an attack surface, even old ones.
Research in-the-wild-attacks to evaluate whether other components or areas are vulnerable to attack.

More from TechRadar Pro

These are the best firewalls around today
Check that email carefully — experts warn anti-phishing tools in Microsoft 365 can be easily bypassed
Take a look at the best VPN with antivirus

Sign up to read this article

Read news from 100’s of titles, curated specifically for you.

Already a member? Sign in here

Top stories on inkl right now

Republican Bernie Moreno takes Ohio Senate seat from Democrat Sherrod Brown

Republican Bernie Moreno takes Ohio Senate seat from Democrat Sherrod Brown

Result represents major blow to Democratic hopes of retaining control of US Senate

The Guardian - US

Cal Hendrick wins Odessa mayor’s race, beating incumbent who focused on faith

Cal Hendrick wins Odessa mayor’s race, beating incumbent who focused on faith

Odessa City Council critics have worried Joven and his allies have focused too much on social issues and not enough on infrastructure.

The Texas Tribune

California Democrat Adam Schiff wins Dianne Feinstein’s former Senate seat

California Democrat Adam Schiff wins Dianne Feinstein’s former Senate seat

Schiff, who led Donald Trump’s first impeachment trial in the House, defeats Republican Steve Garvey

The Guardian - US

Will abortion prompt Arizona voters to lean more Democratic?

Will abortion prompt Arizona voters to lean more Democratic?

Abortion is on the ballot in Arizona and nine other states during the US general election. Will it sway voters?

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Trump Ally Ted Cruz Survives Another Aggressive Challenge to His Texas Senate Seat

Trump Ally Ted Cruz Survives Another Aggressive Challenge to His Texas Senate Seat

Polls predicted a tight race but the incumbent managed to secure a firm lead, boosted by his support in rural areas

Sarah McBride becomes first out trans person elected to US House

Sarah McBride becomes first out trans person elected to US House

McBride wins Delaware’s at-large House seat against Republican candidate John Whalen III, a former state police officer

The Guardian - US

Related Stories

Top stories on inkl right now

Republican Bernie Moreno takes Ohio Senate seat from Democrat Sherrod Brown

Republican Bernie Moreno takes Ohio Senate seat from Democrat Sherrod Brown

Result represents major blow to Democratic hopes of retaining control of US Senate

The Guardian - US

Cal Hendrick wins Odessa mayor’s race, beating incumbent who focused on faith

Cal Hendrick wins Odessa mayor’s race, beating incumbent who focused on faith

Odessa City Council critics have worried Joven and his allies have focused too much on social issues and not enough on infrastructure.

The Texas Tribune

California Democrat Adam Schiff wins Dianne Feinstein’s former Senate seat

California Democrat Adam Schiff wins Dianne Feinstein’s former Senate seat

Schiff, who led Donald Trump’s first impeachment trial in the House, defeats Republican Steve Garvey

The Guardian - US

Will abortion prompt Arizona voters to lean more Democratic?

Will abortion prompt Arizona voters to lean more Democratic?

Abortion is on the ballot in Arizona and nine other states during the US general election. Will it sway voters?

One subscription that gives you access to news from hundreds of sites

Already a member? Sign in here

Trump Ally Ted Cruz Survives Another Aggressive Challenge to His Texas Senate Seat

Trump Ally Ted Cruz Survives Another Aggressive Challenge to His Texas Senate Seat

Polls predicted a tight race but the incumbent managed to secure a firm lead, boosted by his support in rural areas

Sarah McBride becomes first out trans person elected to US House

Sarah McBride becomes first out trans person elected to US House

McBride wins Delaware’s at-large House seat against Republican candidate John Whalen III, a former state police officer

The Guardian - US

Our Picks

Influencer banned from New York City Marathon after camera crew followed him on e-bikes

Matt Choi receives lifetime ban from NYC Marathon after runners complained his camera crew had obstructed the course

The Independent UK

Barry Keoghan Dismisses Prosthetic Rumors About Viral ‘Saltburn’ Dance Scene: “It Was All Me”

"It was all me." Actor Barry Keoghan categorically denied the usage of prosthetic equipment to “enhance” his intimate parts in a naked scene on the movie Saltburn. The post Barry Keoghan Dismisses Prosthetic Rumors About Viral ‘Saltburn’ Dance Scene: “It Was All Me” first appeared on Bored Panda.

Selena Gomez had the perfect response to cruel body shamers

She's happy with her body, thank you very much

“Disgusting”: Brad Pitt Fan Accused Of ‘Harassing’ Actor After Kissing Him And Grabbing His Neck

"How disgusting that someone you don't know kisses you without your permission." The post “Disgusting”: Brad Pitt Fan Accused Of ‘Harassing’ Actor After Kissing Him And Grabbing His Neck first appeared on Bored Panda.

Squid Game season 2: when is it coming out and who's in the cast?

Details of a long-awaited sequel to the smash-hit Netflix show have emerged

Evening Standard

Family Feud reveals the most common fact Americans know about Prince Harry – and it’s not flattering

The top answer for things ‘people know about Prince Harry’ was his marriage to Meghan Markle

The Independent UK

Fourteen days free

Download the app

One app. One membership.
100+ trusted global sources.

Download on the AppStore

Get it on Google Play