Windows Downdate: Downgrade Attacks Using Windows Updates

Black Hat USA 2024 · Day 1 · Briefing

In this talk, security researcher Alon from SafeBreach unveils a novel class of attack dubbed "Windows Downdate," demonstrating how Windows' own update mechanisms can be subverted to perform downgrade attacks. The research highlights a critical flaw in the Windows update architecture that allows an attacker with administrative privileges to downgrade fully patched system components, including kernel drivers, to old, vulnerable versions. The known vulnerabilities reintroduced this way can then be exploited for severe system compromise, such as kernel code execution.
