A new tool called Windows Downdate can trick your PC into thinking that it's fully patched, all the while exposing you to dangerous vulnerabilities.
Windows Update may occasionally backfire with faulty patches, but for the most part, it’s meant to keep us safe from the latest threats. Microsoft regularly pushes new patches that address potential vulnerabilities.
But what if there were a tool that could undo every Windows Update and leave your PC exposed to all the threats Microsoft thought it had already fixed? Bad news: Such a tool now exists, and it’s called Windows Downdate. Don’t worry, though. You’re safe from Windows Downdate — at least for now. The tool was developed as a proof-of-concept by SafeBreach researcher Alon Leviev, and although its potential is nothing short of terrifying, it was made in good faith as an example of something called “white-hat hacking,” where researchers try to find vulnerabilities before malicious threat actors can do it first. Recommended Videos In the case of Windows Downdate, if this fell into the wrong hands, the impact could be staggering. The exploit relies on a flaw in Windows Update to install older updates where certain vulnerabilities haven’t been patched yet. Leviev used the tool to downgrade dynamic link libraries , drivers, and even the NT kernel, which is a core component in Windows. This is achieved while bypassing all verification, and the result is entirely invisible and irreversible. “I was able to make a fully patched Windows machine susceptible to thousands of past vulnerabilities, turning fixed vulnerabilities into zero-days and making the term ‘fully patched’ meaningless on any Windows machine in the world,” said Leviev in a SafeBreach post. “After these downgrades, the OS reported that it was fully updated and was unable to install future updates, while recovery and scanning tools were unable to detect issues.” Leviev also discovered that the entire virtualization stack in Windows was also susceptible to this exploit; the researcher managed to downgrade Credential Guard’s Isolated User Mode Process, Hyper-V’s hypervisor, and Secure Kernel. Leviev even found “multiple ways” to turn off virtualization-based security in Windows, and this was still possible even when UEFI locks were enforced. “To my knowledge, this is the first time VBS’s UEFI locks have been bypassed without physical access,” Leviev said. Windows Downdate can essentially undo every security patch ever created, then trick the PC into thinking everything is fine as it stealthily exposes it to hundreds of different threats. A tool such as this could wreak some serious havoc on any OS, and Leviev suspects that other operating systems, such as MacOS and Linux, might be at risk as well. The good news is that Leviev intended to protect Windows users from a tool such as this, and the researcher reported his findings to Microsoft in February 2024. Microsoft issued two CVEs in response and appears to be hard at work fixing this vulnerability. Let’s hope that Microsoft is quicker to patch this exploit than non-ethical hackers are to use it to their own advantage.
Cybersecurity Windows Windows Downdate Windows Update
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Try this limited-time deal if you want Windows 11 Pro and Microsoft Office for life for under $50Windows 11 Pro makes quite a lot of changes, even over Windows 11 Home.
Read more »
Try this limited-time deal if you want Windows 11 Pro and Microsoft Office for life for under $50Windows 11 Pro makes quite a lot of changes, even over Windows 11 Home.
Read more »
Try this limited-time deal if you want Windows 11 Pro and Microsoft Office for life for under $50Windows 11 Pro makes quite a lot of changes, even over Windows 11 Home.
Read more »
8.5 million computers running Windows affected by faulty update from CrowdStrikeAs the world continues to recover from massive business and travel disruptions caused by a faulty software update from cybersecurity firm CrowdStrike, malicious actors are trying to exploit the situation for their own gain.
Read more »
CrowdStrike Update: Microsoft Releases Windows Tool To Fix 8.5 Million MachinesDavey is a four-decade veteran technology journalist and contributing editor at PC Pro magazine, a position he has held since the first issue was published in 1994. You can follow Davey on Mastodon, Twitter/X and most social networks as happygeek. Davey has spent more than 30 years as a freelance technology journalist.
Read more »
PC gamers still prefer Windows 10 over Windows 11Windows 10 has over 50% market share in the latest Steam hardware and software survey.
Read more »