Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Windows Downdate: The Tool Making “Fully Patched” Windows a Joke
Cybersecurity researcher Alon Leviev has discovered a version-rollback vulnerability, exploiting Windows Update to downgrade fully patched Windows machines. His tool, Windows Downdate, makes the term “fully patched” meaningless. Leviev unveiled his findings at Black Hat USA 2024 and DEF CON 32, exposing critical security flaws…
Hot Take:
Move over, Windows Update! Alon Leviev just made you the new “Oops, I did it again” of the cybersecurity world. With a tool named “Windows Downdate,” he’s turned “fully patched” into an inside joke among hackers. Windows just got a serious throwback — and we don’t mean the good kind.
Key Points:
- Alon Leviev discovered a version-rollback vulnerability in Windows and presented his findings at Black Hat USA 2024 and DEF CON 32.
- The tool, named “Windows Downdate,” can downgrade a fully patched Windows machine to an older version, making it vulnerable to previously patched zero-days.
- The exploit affects critical OS components like DLLs, drivers, and the NT kernel, making recovery and scanning tools ineffective.
- Leviev also found that the Windows virtualization stack and security features such as Credential Guard and Hypervisor-Protected Code Integrity could be disabled.
- He suggested several measures to make operating systems less vulnerable to downgrade attacks, including re-evaluating old design features and researching in-the-wild attacks.
Already a member? Log in here