Security researcher Alon Levie of SafeBreach has discovered two vulnerabilities in Windows Update. Their exploitation allows you to downgrade the operating system to undo applied security patches in order to subsequently exploit known vulnerabilities for attacks. The issue affects Windows 11, Windows 10, and Windows Server.
Image source: Copilot
Using these vulnerabilities, an attacker can remove previously downloaded security updates from a Windows device in order to be able to exploit old vulnerabilities that have already been patched. In fact, an attacker can “roll back” the updated OS to an older version, in which already fixed vulnerabilities remain relevant.
This news is unpleasant for Windows users who regularly update their OS and install the latest security patches. According to the source, Microsoft has been aware of the mentioned problem since February 2024, but so far the software giant has not released fixes for these vulnerabilities. Microsoft is known to be working on a fix and has also released some details about CVE-2024-38202 and CVE-2024-21302 that will help limit potential damage while there is no official patch yet.
Ultimately, the vulnerabilities mentioned could give an attacker complete control over the update process to downgrade critical Windows components such as dynamic link libraries (DLLs) and the NT kernel. The researcher also discovered that the entire virtualization stack was at risk. He managed to downgrade the Hyper-V hypervisor, Secure Kernel and Credential Guard. All this makes it possible to use previously closed vulnerabilities to compromise the system. At the same time, when checking through Windows Update, the system itself looks as if it is still updated to the current version.
According to Microsoft, there is currently no evidence that Windows Update vulnerabilities were used in actual hacking attacks. It is not yet known when exactly a patch will be released to fix the problem.