Cybersecurity

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions.
The vulnerabilities are listed below –

CVE-2024-38202 (CVSS score: 7.3) – Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21302 (CVSS