Windows Downdate can turn your Windows 11/10 to earlier versions, but you shouldn't use it

A security expert was able to effectively downgrade Windows 10/11.

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Windows Downdate

Security researcher Alin Leviev used a tool called Windows Downdater to bypass protective steps and permanently lower versions of Windows 10 and 11 systems. This intelligent software can hijack the Windows Update procedure and make completely undetectable, invisible, constant, and irreversible downgrades on important OS parts.

In a blog post, Leviev explains the consequences of this tool, which are, as you might have figured out already, significant. Windows Downdate can expose a system to thousands of previous vulnerabilities, reverting fixed security holes into wide-open vulnerabilities.

During the Black Hat and DEF CON events, Leviev’s presentation clarified that a system might be unable to install forthcoming updates or identify issues with help from recovery tools after a downgrade.

Windows Downdate’s technical details are captivating for cybersecurity enthusiasts. Leviev aimed to make the downgrade entirely unnoticeable, unseen, lasting, and unchangeable. This required extensive comprehension of the Windows Update process and the skill to control it effectively. Leviev found a way to circumvent the security actions made to safeguard critical OS parts from unauthorized changes by aiming at the updating process.

Here’s how it works:

  • First, the downgrade must be fully undetectable, so that endpoint detection and response (EDR) solutions cannot block the downgrade. Thus, I aimed to perform the downgrade in the most legitimate way possible.
  • Second, the downgrade must be invisible. The downgraded components should appear up-to-date, even if they have technically been downgraded. 
  • Third, the downgrade must be persistent, so that future software updates do not overwrite it.
  • Finally, the downgrade must be irreversible, so that scanning and repairing tools will not be able to detect or repair the downgrade.

Even though Microsoft knows about this problem and is trying to lessen its effects, the fact that there are tools such as Windows Downdates shows how difficult it can be to achieve complete safety in our digital world, especially for the Redmond-based tech giant, a company that is constatly attacked by hackers.

More about the topics: Windows 11, Windows Update

User forum

0 messages