This Windows Update exploit is downright terrifying

Windows Update may occasionally backfire with faulty patches, but for the most part, it’s meant to keep us safe from the latest threats. Microsoft regularly pushes new patches that address potential vulnerabilities. But what if there were a tool that could undo every Windows Update and leave your PC exposed to all the threats Microsoft thought it had already fixed? Bad news: Such a tool now exists, and it’s called Windows Downdate.

Don’t worry, though. You’re safe from Windows Downdate — at least for now. The tool was developed as a proof-of-concept by SafeBreach researcher Alon Leviev, and although its potential is nothing short of terrifying, it was made in good faith as an example of something called “white-hat hacking,” where researchers try to find vulnerabilities before malicious threat actors can do it first.

If Windows Downdate fell into the wrong hands, the impact could be staggering. The exploit relies on a flaw in Windows Update to install older updates where certain vulnerabilities haven’t been patched yet. Leviev used the tool to downgrade dynamic link libraries (DLLs), drivers, and even the NT kernel, which is a core component in Windows. This is achieved while bypassing all verification, and the result is entirely invisible and irreversible.

“I was able to make a fully patched Windows machine susceptible to thousands of past vulnerabilities, turning fixed vulnerabilities into zero-days and making the term ‘fully patched’ meaningless on any Windows machine in the world,” said Leviev in a SafeBreach post. “After these downgrades, the OS reported that it was fully updated and was unable to install future updates, while recovery and scanning tools were unable to detect issues.”
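A defender-side illustration of the point above, added here and not taken from the article or from SafeBreach: because a downgraded machine still reports itself as fully updated, this Python example compares component file versions against a previously recorded baseline and flags any that moved backwards. The version numbers are constructed, and it assumes both snapshots come from an inventory source you trust (for example, one collected offline).

```python
# Added example: flag components whose file version moved backwards between
# two inventory snapshots, instead of trusting the OS "fully updated" status.
# All version numbers below are constructed sample data.

def parse_version(text):
    """Turn '10.0.22621.3880' into a tuple of ints so parts compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def find_regressions(baseline, current):
    """Return (path, baseline_version, current_version, reason) for every file
    that is older than its baseline version or has disappeared."""
    findings = []
    for path, base_ver in sorted(baseline.items()):
        cur_ver = current.get(path)
        if cur_ver is None:
            findings.append((path, base_ver, None, "missing"))
        elif parse_version(cur_ver) < parse_version(base_ver):
            findings.append((path, base_ver, cur_ver, "downgraded"))
    return findings

# Constructed baseline, recorded after the last known-good patch cycle.
BASELINE = {
    r"C:\Windows\System32\ntoskrnl.exe": "10.0.22621.3880",
    r"C:\Windows\System32\securekernel.exe": "10.0.22621.3880",
    r"C:\Windows\System32\hvix64.exe": "10.0.22621.3810",
    r"C:\Windows\System32\drivers\afd.sys": "10.0.22621.3672",
}

# Constructed current snapshot of the same machine.
CURRENT = {
    r"C:\Windows\System32\ntoskrnl.exe": "10.0.22621.3880",      # unchanged
    r"C:\Windows\System32\securekernel.exe": "10.0.22621.2506",  # older build
    r"C:\Windows\System32\hvix64.exe": "10.0.22621.3958",        # newer, fine
    # "900" sorts after "3672" as a string; numeric comparison catches it.
    r"C:\Windows\System32\drivers\afd.sys": "10.0.22621.900",
}

if __name__ == "__main__":
    for path, base_ver, cur_ver, reason in find_regressions(BASELINE, CURRENT):
        print(f"{reason.upper():<10} {path}: baseline {base_ver}, now {cur_ver}")
```
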

The Windows Downdate tool.
Alon Leviev / SafeBreach

Leviev also discovered that the entire virtualization stack in Windows was susceptible to this exploit; the researcher managed to downgrade Credential Guard’s Isolated User Mode Process, Hyper-V’s hypervisor, and Secure Kernel. Leviev even found “multiple ways” to turn off virtualization-based security (VBS) in Windows, and this was still possible even when UEFI locks were enforced.

“To my knowledge, this is the first time VBS’s UEFI locks have been bypassed without physical access,” Leviev said.

Windows Downdate can essentially undo every security patch ever created, then trick the PC into thinking everything is fine as it stealthily exposes it to hundreds of different threats. A tool such as this could wreak some serious havoc on any OS, and Leviev suspects that other operating systems, such as macOS and Linux, might be at risk as well.

The good news is that Leviev intended to protect Windows users from a tool such as this, and the researcher reported his findings to Microsoft in February 2024. Microsoft issued two CVEs in response (CVE-2024-21302 and CVE-2024-38202) and appears to be hard at work fixing this vulnerability. Let’s hope that Microsoft is quicker to patch this exploit than non-ethical hackers are to use it to their own advantage.

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…