This cyberattack downgrades your version of Windows to one unprotected against attacks

Your Windows device could be downgraded by this attack

A version-rollback vulnerability discovered by a cybersecurity researcher allows a fully patched Windows machine to be downgraded to an older version, re-enabling the exploitation of previously patched zero-days and other vulnerabilities.

Alon Leviev unveiled his findings at Black Hat USA 2024 and DEF CON 32 (2024) as a tool named Windows Downdate.

Leviev says the tool can be used to make “the term ‘fully patched’ meaningless on any Windows machine in the world.”

Windows Downdate

Leviev set out to discover a version-rollback exploit, using Windows Update as the starting point. It turned out that Windows Update had a significant flaw that allowed a full takeover of the update process, including downgrading Windows components to older versions.

By also exploiting access to critical OS components, including dynamic link libraries (DLLs), drivers, and the NT kernel, Leviev was able to make the Windows machine report that it was fully updated and unable to download any further updates, without recovery and scanning tools detecting anything out of the ordinary.

Leviev then discovered that the virtualization stack could be tampered with as well, exposing a number of previously secure components to previously patched privilege escalation vulnerabilities: Credential Guard’s Isolated User Mode process, the Secure Kernel, and Hyper-V’s hypervisor were all susceptible.

Finally, Windows virtualization-based security (VBS) was also disabled, even when secured by UEFI locks. This allowed Leviev to disable security features such as Credential Guard and Hypervisor-Protected Code Integrity (HVCI). To Leviev’s knowledge, “this is the first time VBS’s UEFI locks have been bypassed without physical access.”

Leviev offers a number of suggestions to make operating systems less vulnerable to downgrade attacks, including:

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.