According to Leviev, he wanted to test the protection Windows offers against downgrade attacks. To his surprise, Windows barely has any fail safes to prevent unauthorized OS rollbacks. The researcher found serious security flaws in Windows Update that he exploited to gain elevated system privileges and breeze past Windows security. Using a custom tool called Windows Downdate, he managed to downgrade system files, drivers, and the Windows kernel (the core program which has full control over the operating system) on Windows 10 and 11.
The downgrades he made remained undetectable and persistent, meaning they were invisible to Windows Update and system recovery tools. They're also irreversible. The attack would trick the victim into thinking their machine is up-to-date (as Windows Update would confirm). But the core components would have been quietly replaced with older versions, exposing them to thousands of already-fixed vulnerabilities.
Leviev also discovered critical flaws in the Windows virtualization security, including Hyper V. Exploiting those flaws, he managed to downgrade and bypass virtualization security features. The researcher warns that Windows might not be the only operating system vulnerable to downgrade attacks.
There have been no attacks in the wild using this attack vector, which is good news. But Leviev demoed it at Black Hat USA 2024 and DEF CON 32 2024. He also reached out to Microsoft in February, when he first identified these threats.
Microsoft has since been working on an update to patch them, but six months later, it’s still not available. “We are actively developing mitigations to protect against these risks while following an extensive process involving a thorough investigation, update development across all affected versions, and compatibility testing, to ensure maximized customer protection with minimized operational disruption,” Microsoft stated in an official response.
Source: Alon Leviev via Safebreach
Your changes have been saved
Email is sent
Email has already been sent
Please verify your email address.
Send confirmation emailYou’ve reached your account maximum for followed topics.
The above is the detailed content of Windows Update Can Be Hijacked to Undo Security Patches. For more information, please follow other related articles on the PHP Chinese website!
win11 activation key permanent 2025Mar 18, 2025 pm 05:57 PMArticle discusses sources for a permanent Windows 11 key valid until 2025, legal issues, and risks of using unofficial keys. Advises caution and legality.
win11 activation key permanent 2024Mar 18, 2025 pm 05:56 PMArticle discusses reliable sources for permanent Windows 11 activation keys in 2024, legal implications of third-party keys, and risks of using unofficial keys.
Acer PD163Q Dual Portable Monitor Review: I Really Wanted to Love ThisMar 18, 2025 am 03:04 AMThe Acer PD163Q Dual Portable Monitor: A Connectivity Nightmare I had high hopes for the Acer PD163Q. The concept of dual portable displays, conveniently connecting via a single cable, was incredibly appealing. Unfortunately, this alluring idea quic
Top 3 Windows 11 Gaming Features That Outshine Windows 10Mar 16, 2025 am 12:17 AMUpgrade to Windows 11: Enhance Your PC Gaming Experience Windows 11 offers exciting new gaming features that significantly improve your PC gaming experience. This upgrade is worth considering for any PC gamer moving from Windows 10. Auto HDR: Eleva
The Best Monitor Light Bars of 2025Mar 08, 2025 am 03:02 AMReduce eye strain and brighten your workspace with a monitor light bar! These handy gadgets adjust brightness and color temperature, some even offering auto-dimming. This updated review (03/04/2025) highlights top picks across various needs. BenQ
Mozilla Thunderbird 136 Is Here, Switching to Monthly Updates by DefaultMar 07, 2025 am 01:19 AMFirefox 136 and Thunderbird 136: Enhanced Security and Performance The latest releases of Firefox and Thunderbird bring significant improvements in video playback smoothness, browsing security, and overall user experience. Let's delve into the key u
How to Create a Dynamic Table of Contents in ExcelMar 24, 2025 am 08:01 AMA table of contents is a total game-changer when working with large files – it keeps everything organized and easy to navigate. Unfortunately, unlike Word, Microsoft Excel doesn’t have a simple “Table of Contents” button that adds t
This Wild Ultra-Wide Alienware Monitor is $300 Off TodayMar 13, 2025 pm 12:21 PMAlienware AW3225QF: The best curved 4K display, is it worth buying? The Alienware AW3225QF is known as the best curved 4K display, and its powerful performance is unquestionable. The fast response time, stunning HDR effects and unlimited contrast, coupled with excellent color performance, are the advantages of this monitor. Although it is mainly aimed at gamers, if you can accept the shortcomings of OLED, it is also suitable for office workers who pursue high efficiency. Widescreen monitors are not only loved by gamers, but also favored by users who value productivity improvement. They are great for work and enhance anyone’s desktop experience. This Alienware monitor is usually expensive, but is currently enjoying it
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Zend Studio 13.0.1
Powerful PHP integrated development environment
SublimeText3 English version
Recommended: Win version, supports code prompts!
Dreamweaver Mac version
Visual web development tools
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
