A Windows version-rollback vulnerability has been discovered by a cybersecurity researcher named Alon Leviev who presented the same at Black Hat USA 2024 and DEF CON 32 (2024). This tool, which has been named "Windows Downdate” allows a fully patched Windows machine to be downgraded to an older version using the Windows Update as a starting point, enabling the exploitation of previously patched zero-days and vulnerabilities.

The vulnerability enabled systems to be fully updated and made them unable to download any updates without having recovery and scanning tools detect anything unusual. The researcher also discovered that the virtualization stack could be tampered with as well, allowing several previously secure applications to be exposed to previously patched privilege escalation vulnerabilities. Windows virtualization-based security was also disabled even when secured by UEFI locks. This allowed the disablement of security features such as Credential Guard and Hypervisor-Protected Code integrity. Read more about this story on our LinkedIn page