Sheejith's Personal Site

Windows Downdate tool lets you 'unpatch' Windows systems

SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems.

In such attacks, threat actors force up-to-date targeted devices to revert to older software versions, thus reintroducing security vulnerabilities that can be exploited to compromise the system.

Windows Downdate is available as an open-source Python-based program and a pre-compiled Windows executable that can help downgrade Windows 10, Windows 11, and Windows Server system components.

Leviev has also shared multiple usage examples that downgrade the Hyper-V hypervisor (to a two-year-old version), the Windows Kernel, the NTFS driver, and the Filter Manager driver (to their base versions), as well as other Windows components and previously applied security patches.

"You can use it to take over Windows Updates to downgrade and expose past vulnerabilities sourced in DLLs, drivers, the NT kernel, the Secure Kernel, the Hypervisor, IUM trustlets and more," Leviev explained.

"Other than custom downgrades, Windows Downdate provides easy to use usage examples of reverting patches for CVE-2021-27090, CVE-2022-34709, CVE-2023-21768 and PPLFault, as well as examples for downgrading the hypervisor, the kernel, and bypassing VBS's UEFI locks."

Posted on: 9/2/2024 2:45:26 PM

