
Windows Downdate: Exposing Microsoft Update Vulnerability | Aug 2024

Original Post: Windows Downdate: A New Cybersecurity Threat Reveals Vulnerability in Microsoft’s Update System | by eL Njas!™ | Aug, 2024

A recent discovery by security researcher Alon Leviev from SafeBreach unveiled a critical vulnerability in Microsoft’s Windows Update process. This flaw enables hackers to install older, less secure versions of the operating system, bypassing current security measures. During the Black Hat conference, Leviev showed how key OS components like DLLs, drivers, and the NT kernel could be downgraded, a method named “Windows Downdate.”

These downgrade or version-rollback attacks can potentially disrupt critical infrastructure, and industries with stringent compliance requirements, such as financial services and healthcare, are particularly at risk. Inspired by the 2023 BlackLotus UEFI bootkit, which exploited a similar vulnerability, Leviev’s research indicated a broader risk that could affect other operating systems.

Despite recognizing the threat, Microsoft has yet to provide a reliable solution, though they have issued advisories (CVE-2024-38202 and CVE-2024-21302) without acknowledging active exploitation. Organizations must remain vigilant, enforcing security measures, including the Principle of Least Privilege (PoLP), to safeguard against such threats.
