Critical Flaws in Windows Update Exposed: Downgrade Attacks Could Undermine System Security
August 7, 2024
Researcher Alon Leviev from SafeBreach Labs has uncovered serious vulnerabilities in Microsoft's Windows Update architecture that could facilitate downgrade attacks.
These downgrade attacks, also referred to as version-rollback attacks, revert updated software to older, vulnerable versions so that previously patched vulnerabilities become exploitable again.
Leviev showcased a proof-of-concept tool named 'Windows Downdate' at the Black Hat conference, designed to help check systems for susceptibility to these attacks.
While Microsoft is actively working on fixes for these vulnerabilities, the company has stated it is not aware of any active exploitation attempts in the wild.
Leviev's research led to the identification of a flaw in the Windows Update components, which allowed him to manipulate the update action list undetected.
He emphasized the stealthy nature of downgrade attacks, which present a significant threat to system security.
Following Leviev's presentation, Microsoft plans to publish a CVE and provide guidelines for mitigating the risks associated with these vulnerabilities.
Leviev demonstrated how his technique could disable Virtualization-Based Security (VBS) and target privileged code in the Windows kernel.
His findings revealed that the Windows Update process could be manipulated to downgrade critical components, including the OS kernel, DLLs, and drivers, without detection by security software.
Although the average system may be safe from this exploit, Leviev warns of similar downgrade issues and advises users to monitor updates for suspicious changes.
This research underscores the need for heightened awareness and investigation into OS-based downgrade attacks across all operating systems.
Summary based on 6 sources
Sources

WIRED • Aug 7, 2024
A Flaw in Windows Update Opens the Door to Zombie Exploits
BleepingComputer • Aug 7, 2024
Windows Update downgrade attack "unpatches" fully-updated systems
SecurityWeek • Aug 7, 2024
Windows Update Flaws Allow Undetectable Downgrade Attacks
The Register • Aug 6, 2024
Your Windows updates can all be reversed, says security researcher