Windows Update’s Secret: How Yesterday’s Bugs Haunt Today’s Machines
A flaw in Windows Update, discovered by SafeBreach Labs researcher Alon Leviev, allows attackers to downgrade Windows to older versions, reintroducing previously patched vulnerabilities.
Lily Hay Newman writes for WIRED
New research being presented at the Black Hat security conference in Las Vegas today shows that a vulnerability in Windows Update could be exploited to downgrade Windows to older versions, exposing a slew of historical vulnerabilities that then can be exploited to gain full control of a system. Microsoft says that it is working on a complex process to carefully patch the issue, dubbed “Downdate.”
This exploit, dubbed "Downdate," leverages the Windows Update process itself, making it difficult to detect as the system appears up-to-date despite the downgrade. The vulnerability can be used to disable critical security features like Virtualization-Based Security (VBS) and gain control over the system's core.
Microsoft is working on complex mitigations to address the issue, but no known exploits have been observed in the wild