In a recent development that has sent shockwaves through the cybersecurity community, security researcher Alon Leviev disclosed a serious vulnerability affecting Windows systems. This flaw allows attackers to perform a “downgrade” attack, reverting secure system components to outdated versions with known vulnerabilities. The theoretical threat has now materialized with the release of a tool named “Windows Downdate,” which is publicly available on GitHub.
Windows Downdate, written in Python, is designed to work with Windows 10, Windows 11, and Windows Server. The tool allows attackers to roll back critical system elements, including DLLs, drivers, system kernels, and Hyper-V hypervisors, to versions that contain security flaws previously patched by updates. This downgrade process is invisible to the user: the system can appear to be up to date while silently exposing you to significant security risks.
Alon Leviev has made the tool accessible to the public for research and testing purposes. He identified the vulnerabilities exploited by Windows Downdate as CVE-2024-38202 and CVE-2024-21302. While Microsoft has addressed CVE-2024-21302, it is still working on a fix for the other vulnerability, CVE-2024-38202.
How to Protect Yourself
Although Windows Downdate is intended for research and does not inherently possess the capability to remotely downgrade systems, the risk remains that malicious actors could adapt it into a harmful executable. This could lead to situations where unsuspecting users might inadvertently run the tool, compromising their own systems.
To safeguard against potential misuse of Windows Downdate, it’s crucial to exercise caution with unsolicited emails and downloads. Avoid downloading files or applications from untrusted sources and be particularly wary of links sent by unknown parties. Ensuring that your antivirus software is up-to-date can also help in detecting and preventing the execution of malicious files. As long as you do not manually execute Windows Downdate on your machine, you should remain protected from this specific threat.
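Because a downgraded system can still appear up to date, one defensive check is to compare the file versions of system components against a recorded known-good inventory and flag anything that moved backwards. The following is an added example, not part of Windows Downdate or of the original article; the inventory format, function names and version numbers are constructed for illustration, and collecting the versions from disk is not shown.

```python
"""Flag system components whose file version moved backwards between two inventories."""

def parse_version(text):
    """Turn a four-part file version such as '10.0.22621.3880' into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)

def find_regressions(baseline, current):
    """Return (path, baseline_version, current_version, reason) for suspicious components.

    Both arguments map a lower-cased file path to its version string.
    Versions are compared numerically, field by field: as plain strings,
    '10.0.22621.900' would wrongly sort as newer than '10.0.22621.3880'.
    """
    findings = []
    for path, base_text in sorted(baseline.items()):
        cur_text = current.get(path)
        if cur_text is None:
            findings.append((path, base_text, None, "missing"))
            continue
        try:
            cur = parse_version(cur_text)
        except ValueError:
            findings.append((path, base_text, cur_text, "unparseable"))
            continue
        if cur < parse_version(base_text):
            findings.append((path, base_text, cur_text, "downgraded"))
    return findings

# Constructed sample inventories (version numbers are illustrative, not real builds).
BASELINE = {
    r"c:\windows\system32\ntoskrnl.exe": "10.0.22621.3880",
    r"c:\windows\system32\hvix64.exe": "10.0.22621.3810",
    r"c:\windows\system32\drivers\afd.sys": "10.0.22621.3672",
    r"c:\windows\system32\ci.dll": "10.0.22621.3880",
}
CURRENT = {
    r"c:\windows\system32\ntoskrnl.exe": "10.0.22621.3880",     # unchanged
    r"c:\windows\system32\hvix64.exe": "10.0.22621.900",        # older than baseline
    r"c:\windows\system32\drivers\afd.sys": "10.0.22621.3958",  # newer, acceptable
    # ci.dll is absent from the current inventory
}

if __name__ == "__main__":
    for path, old, new, reason in find_regressions(BASELINE, CURRENT):
        print(f"{reason:12} {path}  baseline={old}  current={new}")
```

The baseline has to be captured from a known-good state and stored somewhere the monitored machine cannot modify, otherwise the comparison proves nothing.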