Skip to main content

There’s a scary new way to undo Windows security patches

Person sitting and using an HP computer with Windows 11.
Microsoft

Security patches for Windows are essential for keeping your PC safe from developing threats. But downgrade attacks are a way of sidestepping Microsoft’s patches, and a security researcher set out to show just how fatal these can be.

SafeBreach security researcher Alon Leviev mentioned in a company blog post that they’d created something called the Windows Downdate tool as a proof-of concept. The tool crafts persistent and irreversible downgrades on Windows Server systems and Windows 10 and 11 components.

Recommended Videos

Leviev explains that his tool (and similar threats) performs a version-rollback attack, “designed to revert an immune, fully up-to-date software back to an older version. They allow malicious actors to expose and exploit previously fixed/patched vulnerabilities to compromise systems and gain unauthorized access.”

He also mentions that you can use the tool to expose the PC to older vulnerabilities sourced in drivers, DLLs, Secure Kernel, NT Kernel, the Hypervisor, and more. Leviev went on to post the following on X (formerly Twitter): “Other than custom downgrades, Windows Downdate provides easy to use usage examples of reverting patches for CVE-2021-27090, CVE-2022-34709, CVE-2023-21768 and PPLFault, as well as examples for downgrading the hypervisor, the kernel, and bypassing VBS’s UEFI locks.”

If you have not checked it out yet, Windows Downdate tool is live! You can use it to take over Windows Updates to downgrade and expose past vulnerabilities sourced in DLLs, drivers, the NT kernel, the Secure Kernel, the Hypervisor, IUM trustlets and more!https://t.co/59DRIvq6PZ

— Alon Leviev (@_0xDeku) August 25, 2024

What’s also concerning is that the tool is undetectable because it can’t be blocked by endpoint detection and response (EDR) solutions, and your Windows computer will continue to tell you it’s up to date even though it’s not. He also uncovered various ways to turn off Windows virtualization-based security (VBS), including Hypervisor-Protected Code integrity (HVCI) and Credential Guard.

Microsoft released a security update (KB5041773) on August 7 to fix the CVE-2024-21302 Windows Secure Kernel Mode privilege escalation flaw and a patch for CVE-2024-38202. Microsoft has also released some tips Windows users can take to stay safe, such as configuring “Audit Object Access” settings to scan for file access attempts. The release of this new tool shows how exposed PCs are to all sorts of attacks and how you should never let your guard down when it comes to cybersecurity.

The good news is that we can rest easy for now since the tool was created as a proof-of-concept, an example of “white-hat hacking” to discover vulnerabilities before threat actors do. Also, Leviev handed over his findings to Microsoft in February 2024, and hopefully, the software giant will have the necessary fixes soon.

Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
Another annoying bug is spoiling the fun in Windows 11 24H2
The Surface Pro 11 on a white table in front of a window.

The latest big update to Windows 11 has already caused its fair share of headaches. This time the trouble is with File Explorer. A new bug makes it difficult to open the File Explorer app as it makes the menu appear outside the screen, Windows Latest reports.

The latest bug impacts the "See more" menu, making it practically impossible to access when you select the ellipses. Instead, it only shows you a few of the available options. This error usually appears when you use File Explorer in full screen. When you're able to see all the options in the "See more" menu, you'll see options such as:

Read more
Gamers are finally flocking to Windows 11 after 3 years
Spider-man running on the Asus ROG PG42UQG.

Windows 11 is getting a lot more popular lately. In the latest Steam hardware survey, Valve clocked that 51.97% of its user base is now using Windows 11, which is a 4.28% increase compared to last month and the highest share the operating system has ever seen, despite being readily available for over three years.

Windows 10, the second-most popular operating system on Steam, fell by 2.71%, and now makes up 45.95% of the users Valve surveyed. Just a couple of months ago, when Valve released its August survey results, Windows 11 overtook Windows 10 for the first time in the hardware survey. The gap is only widening now, with the share lost by Windows 10 going almost directly to Windows 11. Earlier this year, Windows 11 adoption was actually down on the Steam hardware survey, with some claiming that Windows 10 offered better gaming performance.

Read more
You have one year to safely use Windows 10 before you’ll need to pay
Windows 11 logo on a laptop.

Microsoft will be allowing consumers to join its Extended Security Updates (ESU) program for the first time next year, and it announced the program pricing today in a blog post. The official end-of-service date for Windows 10 is October 14, 2025, but by paying $30 to join the ESU program, you can receive an extra year of security updates. This will allow you to continue safely using Windows 10 until around October 2026, a full two years from now.

By the time support for Windows 10 ends, it will be almost exactly four years since Windows 11 launched and a decade since Windows 10 launched. It takes a lot of work to keep an operating system secure and running smoothly, which is why a company like Microsoft can't just endlessly support every version of Windows it's ever shipped. It would end up costing a lot more money than it made -- and that's not how businesses function.

Read more