A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities. Presented at Black Hat USA 2024 Briefings and DEFCON 32 under the title “Windows Downdate: Downgrade Attacks Using Windows Updates”.
Using Windows Downdate you can downgrade critical OS components, DLLs, Drivers, the NT kernel, the Secure Kernel, the Hyper-V hypervisor, Credential Guard and much more!
To install Windows Downdate, follow the steps below.
python311 setup.py install
Windows Downdate also supports PyInstaller pre-compiled binary that you can download here
Windows Downdate operates on a config XML file that specifies the files to downgrade
windows_downdate.py --config-xml <CONFIG XML PATH> <ADDITIONAL ARGS>
<Configuration>
<UpdateFilesList>
<UpdateFile source="path\to\source.exe" destination="path\to\destination.exe" />
</UpdateFilesList>
</Configuration>
<Configuration>
: The root element that encapsulates the entire configuration.
<UpdateFilesList>
: A container element that holds one or more elements.
<UpdateFile>
: Defines a single file downgrade operation.
source
: The path of the downgrade source file. Note that if the source file does not exist, Windows Downdate attempts to retrieve its base version from the component store.
destination
: The path of the downgrade destination file.
Simply put – take the XML snippet and insert <UpdateFile>
elements, the source
replaces the destination
.
You can also refer to the examples directory as reference for finalized config XML files.
Windows Downdate supports two execution options.
Windows Downdate supports crafting custom downgrades. To craft custom downgrade, you need to create a config XML file and just feed the tool with this config XML.
Windows Downdate has built-in usage examples with ready config XML files and vulnerable modules. The supported usage examples are listed below.
WID_LoadLibrary is a custom implementation inspired by the Windows API function LoadLibrary, which is used…
Locksmith is a specialized tool designed to identify and remediate vulnerabilities in Active Directory Certificate…
Uscrapper Vanta is a powerful open-source intelligence (OSINT) tool designed to revolutionize web scraping and…
Pake is an innovative tool designed to convert any webpage into a desktop application with…
Bevy is an open-source, data-driven game engine built in Rust, designed to simplify game development…
AppFlowy Cloud is a robust component of the AppFlowy ecosystem, designed to provide secure user…