With the latest patch update, it has become vulnerable again.
Experts have released a tool named , which can be used for downgrade attacks on , , and versions.
This attack allows the exploitation of already patched vulnerabilities, as the operating system is once again susceptible to the old flaws.
It is an open-source tool, precompiled into an executable file, used for downgrading system components of , and .
https://github.com/SafeBreach-Labs/WindowsDowndate
Several examples of using the tool were shared; it allows you to roll back updates to the hypervisor (to a version from two years ago), the kernel, drivers, the filter manager (to the base version), and other components and previously applied patches.
Through , you can control updates in order to downgrade components and expose past vulnerabilities contained in drivers, the kernel, the secure kernel, the hypervisor, and other components.
In addition to custom downgrades, it also includes easy-to-use examples of patch rollback for --, --, --, and --, as well as examples of hypervisor downgrades, kernel downgrades, and bypassing -- blocks.
Recall that the expert first discussed this attack and the related vulnerabilities ( -- and -- ) at the conference, where he explained that an attack using the tool was nearly impossible to detect, because the solution could not stop the attack and the update considered the device to be fully updated.
I have discovered multiple methods to disable security, including Hypervisor-Protected Code Integrity (HVCI), even when using Secure Boot.
As far as I know, this is the first time a block has been bypassed without physical access.
As a result, I was able to make a fully patched machine vulnerable to thousands of old vulnerabilities, turning already patched flaws into days, and rendering the term "fully patched" meaningless for any system in the world.
An update ( ) was released on to address the secure kernel mode -- privilege elevation vulnerability; however, the company has not yet patched the privilege escalation vulnerability in the update stack.