New Windows Downdate Tool Reverts Security Patches, Exposing Old Vulnerabilities

SafeBreach releases open-source tool that silently downgrades Windows updates, making patched systems vulnerable again.

The Windows Downdate tool can revert Windows 10, 11, and Server systems to older, vulnerable versions.
Created by security researcher Alon Leviev, the tool exploits CVE-2024-21302 and CVE-2024-38202 vulnerabilities.
Windows Update will falsely report systems as up-to-date even after downgrades, bypassing endpoint detection.
Leviev's examples include downgrading the Hyper-V hypervisor, Windows Kernel, and NTFS driver.
Microsoft has patched CVE-2024-21302 but has yet to address CVE-2024-38202; users should follow mitigation steps.