Skip to main content
  1. Home
  2. Computing
  3. News

This Windows Update exploit is downright terrifying

Add as a preferred source on Google
Windows Update running on a laptop.
Clint Patterson / Unsplash

Windows Update may occasionally backfire with faulty patches, but for the most part, it’s meant to keep us safe from the latest threats. Microsoft regularly pushes new patches that address potential vulnerabilities. But what if there were a tool that could undo every Windows Update and leave your PC exposed to all the threats Microsoft thought it had already fixed? Bad news: Such a tool now exists, and it’s called Windows Downdate.

Don’t worry, though. You’re safe from Windows Downdate — at least for now. The tool was developed as a proof-of-concept by SafeBreach researcher Alon Leviev, and although its potential is nothing short of terrifying, it was made in good faith as an example of something called “white-hat hacking,” where researchers try to find vulnerabilities before malicious threat actors can do it first.

Recommended Videos

In the case of Windows Downdate, if this fell into the wrong hands, the impact could be staggering. The exploit relies on a flaw in Windows Update to install older updates where certain vulnerabilities haven’t been patched yet. Leviev used the tool to downgrade dynamic link libraries (DLL), drivers, and even the NT kernel, which is a core component in Windows. This is achieved while bypassing all verification, and the result is entirely invisible and irreversible.

“I was able to make a fully patched Windows machine susceptible to thousands of past vulnerabilities, turning fixed vulnerabilities into zero-days and making the term ‘fully patched’ meaningless on any Windows machine in the world,” said Leviev in a SafeBreach post. “After these downgrades, the OS reported that it was fully updated and was unable to install future updates, while recovery and scanning tools were unable to detect issues.”

The Windows Downgrade tool.
Alon Leviev / SafeBreach

Leviev also discovered that the entire virtualization stack in Windows was also susceptible to this exploit; the researcher managed to downgrade Credential Guard’s Isolated User Mode Process, Hyper-V’s hypervisor, and Secure Kernel. Leviev even found “multiple ways” to turn off virtualization-based security (VBS) in Windows, and this was still possible even when UEFI locks were enforced.

“To my knowledge, this is the first time VBS’s UEFI locks have been bypassed without physical access,” Leviev said.

Windows Downdate can essentially undo every security patch ever created, then trick the PC into thinking everything is fine as it stealthily exposes it to hundreds of different threats. A tool such as this could wreak some serious havoc on any OS, and Leviev suspects that other operating systems, such as MacOS and Linux, might be at risk as well.

The good news is that Leviev intended to protect Windows users from a tool such as this, and the researcher reported his findings to Microsoft in February 2024. Microsoft issued two CVEs in response (CVE-2024-21302 and CVE-2024-38202) and appears to be hard at work fixing this vulnerability. Let’s hope that Microsoft is quicker to patch this exploit than non-ethical hackers are to use it to their own advantage.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
Apple’s Hide My Email feature has an unfixed bug that leaves email addresses exposed
100% exploitable in limited testing, known since June 2025, and still unfixed as of today.
apple-merging-sign-in-with-apple-hide-my-email-icloud+

Apple has been selling Hide My Email to keep your real email address hidden, but it has a vulnerability that does the exact opposite. The worst part is that the company has known about it for a year. 

Hide My Email, part of Apple’s paid iCloud+ subscription, lets users generate anonymous email addresses for signing up to a website, so that their personal or work email remains free of promotional emails and spam. 

Read more
I hate sharing my Mac, but a face-unlocking app finally cured my privacy paranoia
Someone finally built the app locker every Mac user has been asking for.
FaceGate in action on Mac

If you have ever handed your Mac to a friend, family member, or coworker for "just a minute," you know the mild panic that follows. Sure, your Mac has a lock screen, but once someone is past it, they can open Messages, Photos, Notes, Mail, WhatsApp, and your browser.

iPhones had the same issue, but Apple solved it by adding an app lock feature with the iOS 18 update. Sadly, no such feature exists for macOS. That’s where the new FaceGate app for Mac can help you. It’s a free and open-source app that lets you lock apps on your Mac and even has some novel tricks up its sleeve. So, let’s talk about it, shall we?

Read more
The charm of a tiny Windows tablet is apparently dead at Microsoft. Long live the Surface Go!
Microsoft’s budget Surface era may be over
Microsoft Surface Go 3 stand.

Microsoft might be cleaning up its Surface lineup. According to Windows Central, Microsoft has stopped manufacturing the Surface Go and Surface Laptop Go lines, with no successors currently planned. Surface Go 4 and Surface Laptop Go 3 are reportedly out of stock in most places, and once remaining retail stock is gone, that may be it.

If this is true, then we are looking at the end of the brand's budget Surface PCs as Microsoft has plenty of premium Windows hardware.

Read more