According to Leviev, he wanted to test the protection Windows offers against downgrade attacks. To his surprise, Windows barely has any fail safes to prevent unauthorized OS rollbacks. The researcher found serious security flaws in Windows Update that he exploited to gain elevated system privileges and breeze past Windows security. Using a custom tool called Windows Downdate, he managed to downgrade system files, drivers, and the Windows kernel (the core program which has full control over the operating system) on Windows 10 and 11.
The downgrades he made remained undetectable and persistent, meaning they were invisible to Windows Update and system recovery tools. They're also irreversible. The attack would trick the victim into thinking their machine is up-to-date (as Windows Update would confirm). But the core components would have been quietly replaced with older versions, exposing them to thousands of already-fixed vulnerabilities.
Leviev also discovered critical flaws in the Windows virtualization security, including Hyper V. Exploiting those flaws, he managed to downgrade and bypass virtualization security features. The researcher warns that Windows might not be the only operating system vulnerable to downgrade attacks.
There have been no attacks in the wild using this attack vector, which is good news. But Leviev demoed it at Black Hat USA 2024 and DEF CON 32 2024. He also reached out to Microsoft in February, when he first identified these threats.
Microsoft has since been working on an update to patch them, but six months later, it’s still not available. “We are actively developing mitigations to protect against these risks while following an extensive process involving a thorough investigation, update development across all affected versions, and compatibility testing, to ensure maximized customer protection with minimized operational disruption,” Microsoft stated in an official response.
Source: Alon Leviev via Safebreach
Your changes have been saved
Email is sent
Email has already been sent
Please verify your email address.
Send confirmation emailYou’ve reached your account maximum for followed topics.
The above is the detailed content of Windows Update Can Be Hijacked to Undo Security Patches. For more information, please follow other related articles on the PHP Chinese website!
How to Change Default View in File Explorer (Windows 11)May 09, 2025 pm 02:02 PMCustomize Your Windows 11 File Explorer: A Guide to Setting and Saving Your Preferred View Tired of File Explorer's default view? This guide shows you how to easily change and permanently save your preferred folder view in Windows 11, whether it's l
Fedora 42 Joins the Windows Subsystem for LinuxMay 09, 2025 am 03:01 AMPushing the boundaries of Linux: exploring unusual applications. Purely for fun, of course. Posts 7 Technically, you can create a WSL image for any compatible Linux distribution. However, officially supported images offer a significantly smoother e
How to Move a Window When You Can't Click on the Title BarMay 09, 2025 am 01:03 AMWhen applications unexpectedly extend beyond your screen's edges, accessing their title bars becomes impossible. This is especially common with dual monitors but can occur on single displays as well. This guide offers solutions for regaining control
This Limited-Edition 'Skeleton” HDD Shows You How It Writes BytesMay 08, 2025 pm 09:04 PMThe HD-SKL, a limited-edition hard drive, is a modern take on Buffalo's 1998 Skeleton Hard Disk. The original, a 4.3GB drive with a clear acrylic case, was produced in a limited run of 500 units. While Buffalo cites its 1978 Melco 3533 turntable as
The New Surface Pro Doesn't Feel ProMay 08, 2025 am 06:01 AMThe new Surface Pro: A step back? Microsoft's latest Surface Pro offers connectivity via two USB-C ports, supporting charging, USB 3.2 data transfer, and DisplayPort 1.4a (up to two 4K monitors at 60Hz). However, the device ships without a power ad
Microsoft Challenges the MacBook Air With New Surface LaptopMay 08, 2025 am 03:02 AMMicrosoft's latest Surface Laptop aims to rival the MacBook Air, but with some notable compromises. The absence of a Surface Connect port marks a significant departure from previous models, reflecting the growing prevalence of Thunderbolt and USB do
Solve the problem that the svn plugin in eclipse always prompts for password inputMay 07, 2025 pm 05:03 PM1. Background Recently, when using the svn plug-in to manage remote warehouse code in eclipse, prompts to enter passwords are always prompted to enter passwords, which is particularly annoying. After hard work, I finally solved the problem and shared it with you~ 2. Analysis of the password mechanism of the svn plug-in and the cause of the problem. When we use the svn plug-in for the first time and enter the password, a file that saves the password will be generated, and then the svn plug-in will read the username and password information by default every time. When eclipse is started, the configuration information will be automatically read into the program cache. After the password of svn is modified, it is impossible to log in again, and there is no prompt to re-enter the password. At this time, we can delete the relevant configuration files and let the svn plugin prompt us to re-enter the password. However, ec
How to restore the win8 system details stepsMay 07, 2025 pm 05:00 PMThe steps to start system restore in Windows 8 are: 1. Press the Windows key X to open the shortcut menu; 2. Select "Control Panel", enter "System and Security", and click "System"; 3. Select "System Protection", and click "System Restore"; 4. Enter the administrator password and select the restore point. When selecting the appropriate restore point, it is recommended to select the restore point before the problem occurs, or remember a specific date when the system is running well. During the system restore process, if you encounter "The system restore cannot be completed", you can try another restore point or use the "sfc/scannow" command to repair the system files. After restoring, you need to check the system operation status, reinstall or configure the software, and re-back up the data, and create new restore points regularly.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
