Windows Update Vulnerability Uncovered: How Downgrade Attacks Can Compromise Your System Security

A security researcher from SafeBreach has discovered a vulnerability in Windows Update that can degrade parts of the operating system. In this way, malicious parties can still exploit previously existing vulnerabilities.

The security researcher made a Windows Downdate tool to demonstrate that the vulnerabilities can be exploited. That tool downgrades Windows 10 and 11, among other things, ‘invisible and irreversible’, with Windows Update also thinking that there are no more security updates to download. The tool downloads DLLs, drivers and the NT kernel, among other things.

Microsoft says to use the Downdate tool, two vulnerabilities are used in Windows: CVE-2024-21302 in CVE-2024-38202. Vulnerability 38202 requires attackers to convince an administrative user to system recovery be able to exploit the vulnerability. The company says they are working on a solution, but they also say this is a ‘complex’ situation that requires a lot of testing. Microsoft Defender for Endpoint should now be able to identify the exploit and alert users.