{"id":57533,"date":"2024-10-29T15:06:49","date_gmt":"2024-10-29T15:06:49","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36530\/Windows-Update-Takeover-Lets-An-Attacker-Revive-A-Patched-Vuln.html"},"modified":"2024-10-29T15:06:49","modified_gmt":"2024-10-29T15:06:49","slug":"windows-update-takeover-lets-an-attacker-revive-a-patched-vuln","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/","title":{"rendered":"Windows Update Takeover Lets An Attacker Revive A Patched Vuln"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.cyberriskalliance.com\/wp-content\/uploads\/2024\/07\/071824_windows_start.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Microsoft typically operates under the assumption that if an attacker has administrative privileges, gaining <a href=\"https:\/\/www.scworld.com\/news\/Jim%20Edwards,%20senior%20director%20of%20engineering%20at%20Keeper%20Security,%20said%20this%20recent%20discovery%20highlights%20the%20cat-and-mouse%20game%20in%20cybersecurity,%20where%20defenses%20evolve,%20but%20so%20do%20the%20tactics%20of%20attackers.%20Edwards%20said%20Microsoft%20has%20made%20significant%20strides%20to%20harden%20the%20Windows%20kernel,%20yet%20skilled%20attackers%20can%20still%20find%20ways%20around%20these%20protections,%20as%20we%20see%20with%20the%20downgrade%20attack%20on%20Windows%20Update.%20%20%20%20%20%E2%80%9CBy%20tricking%20the%20system%20into%20installing%20vulnerable%20versions%20of%20critical%20components,%20an%20attacker%20with%20administrator%20privileges%20can%20quietly%20bypass%20security%20while%20making%20an%20updated%20system%20appear%20fully%20patched,%E2%80%9D%20said%20Edwrds.%20%E2%80%9CA%20zero-trust%20security%20model%20and%20privileged%20access%20management%20(PAM)%20can%20help%20reduce%20these%20risks%20by%20enforcing%20strict%20authentication%20and%20authorization,%20even%20for%20administrators.%E2%80%9D\">kernel-level<\/a> code execution doesn\u2019t cross a defined security boundary and therefore they don\u2019t consider it a critical vulnerability needing immediate remediation.<\/p>\n<p>In an Oct. 26 blog post, <a href=\"https:\/\/www.safebreach.com\/blog\/update-on-windows-downdate-downgrade-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\">SafeBreach researchers<\/a> argued that Microsoft\u2019s narrow definition leaves systems vulnerable to deploying custom rootkits that can neutralize security controls because it doesn\u2019t account for admins or malware with admin rights undermining critical security mechanisms.<\/p>\n<p>The researchers point out that while significant enhancements have been made to strengthen kernel security against compromise by administrator privileges, the <a href=\"https:\/\/www.scworld.com\/news\/windows-downdate-attack-totally-undermines-windows-security-fix-not-yet-ready\">ability to downgrade kernel components<\/a> unfortunately makes compromising the kernel much simpler.<\/p>\n<p>A Microsoft spokesperson issue the following statement in response to the SafeBreach research: \u201cWe appreciate the work of SafeBreach in identifying and responsibly reporting this vulnerability through a coordinated vulnerability disclosure.\u202fWe are actively developing mitigations to protect against these risks while following an extensive process involving a thorough investigation, update development across all affected versions, and compatibility testing, to ensure maximized customer protection with minimized operational disruption.\u201d&nbsp;<\/p>\n<p>Jason Soroko, senior fellow at Sectigo, explained that the researchers demonstrated that attackers can exploit this oversight by downgrading critical system components via the Windows Update process, effectively disabling important security features such as Driver Signature Enforcement (DSE) and virtualization-based security (VBS).<\/p>\n<p>\u201cWhile administrators have legitimate high-level access, they are still subject to certain restrictions, such as DSE and VBS, which are designed to prevent unauthorized code from running at the kernel level,\u201d said Soroko. \u201cThese features act as security boundaries intended to maintain system integrity and prevent malicious activities.\u201d<\/p>\n<p>According to the SafeBreach researchers, downgrade attacks \u2014 also known as &#8220;version-rollback attacks&#8221; \u2014 are designed to revert an immune, fully up-to-date software back to an older version. They let malicious actors expose and exploit previously fixed\/patched vulnerabilities to compromise systems and gain unauthorized access.&nbsp;By using this downgrade ability, SafeBreach discovered&nbsp;<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-21302\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-21302<\/a>, a privilege escalation vulnerability affecting the entire Windows virtualization stack.&nbsp;<\/p>\n<p>SafeBreach explained how <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-38202\">CVE-2024-38202<\/a> \u2014 the Windows Update takeover capability \u2014 still presents a significant threat to organizations by using it to revive the \u201cItsNotASecurityBoundary\u201d DSE bypass. This DSE bypass lets attackers load unsigned kernel drivers, allowing them to deploy custom rootkits that can neutralize security controls, hide processes and network activity, and maintain stealth.<\/p>\n<p>Jim Edwards, senior director of engineering at Keeper Security, said this recent discovery highlights the cat-and-mouse game in cybersecurity, where defenses evolve, but so do the tactics of attackers. Edwards said Microsoft has made significant strides to harden the Windows kernel, yet skilled attackers can still find ways around these protections, as we saw with the downgrade attack on Windows Update.<\/p>\n<p>\u201cBy tricking the system into installing vulnerable versions of critical components, an attacker with administrator privileges can quietly bypass security while making an updated system appear fully patched,\u201d said Edwards. \u201cA zero-trust security model and privileged access management can help reduce these risks by enforcing strict authentication and authorization, even for administrators.\u201d<\/p>\n<p>The Microsoft spokesperson added that it\u2019s developing a security update that will revoke outdated, unpatched VBS system files to mitigate this threat. Because of the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions. In parallel, Microsoft said it also released security update&nbsp;<a href=\"https:\/\/us-east-2.protection.sophos.com\/?d=checkpoint.com&amp;u=aHR0cHM6Ly9wcm90ZWN0LmNoZWNrcG9pbnQuY29tL3YyL3IwMS9fX19odHRwczovL21zcmMubWljcm9zb2Z0LmNvbS91cGRhdGUtZ3VpZGUvdnVsbmVyYWJpbGl0eS9DVkUtMjAyNC0zODIwMl9fXy5ZekoxT25kbFkyOXRiWFZ1YVdOaGRHbHZibk02WXpwdk9tRmtOemM1WlRCalptRTVOemd5TkRVNE5UWXlPRFUwWWpFNU9HVmpPVGN5T2pjNlpHWTRPRG8yT0Rnd01HSTJOVEV3WmpSalpXUmhPVEkyT1RBNFpUVXdNRGxqTUdZelpHTXlORGt4WVRSbVpqYzFOek5sWXpVMFl6TmpPVFUzWXpBNE5XWTNZams0T21nNlJqcEc=&amp;i=NWY5MWQxOTI2MGExMjYwZTBmZTU0NTI4&amp;t=RU14TlJFclNxcHdxUExFRlJhUTdGcEwrT3pjT1h2V1VNaEFZRVBic3lwdz0=&amp;h=434e1cddfc934e77a86dc30bc62fb100&amp;s=AVNPUEhUT0NFTkNSWVBUSVbWDoNISjiMjRpFxFNPKAZLFfRySmlkSWzzRDKvdmUncQ\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-38202<\/a>&nbsp;Oct. 15 to help keep customers protected. Microsoft also said &nbsp;<a href=\"https:\/\/us-east-2.protection.sophos.com\/?d=checkpoint.com&amp;u=aHR0cHM6Ly9wcm90ZWN0LmNoZWNrcG9pbnQuY29tL3YyL3IwMS9fX19odHRwczovL21zcmMubWljcm9zb2Z0LmNvbS91cGRhdGUtZ3VpZGUvdnVsbmVyYWJpbGl0eS9DVkUtMjAyNC0yMTMwMl9fXy5ZekoxT25kbFkyOXRiWFZ1YVdOaGRHbHZibk02WXpwdk9tRmtOemM1WlRCalptRTVOemd5TkRVNE5UWXlPRFUwWWpFNU9HVmpPVGN5T2pjNk5qZzROam8zWXpNNE16aGpaVEpqT0dRek1UbGlPRGMwTVRsaVpqSXpPREpoTnpBelkyRXlOVGRqWTJRMk16UTBORGcyT0RZd1ptVXhZalExWlRCbE56RTVOREV5T21nNlJqcEc=&amp;i=NWY5MWQxOTI2MGExMjYwZTBmZTU0NTI4&amp;t=YnVUdnlMbFBCS2ZHcFVuL0RKRVBFVURxazVmYlNrWkFZK0swTlZPbGxXbz0=&amp;h=434e1cddfc934e77a86dc30bc62fb100&amp;s=AVNPUEhUT0NFTkNSWVBUSVbWDoNISjiMjRpFxFNPKAZLFfRySmlkSWzzRDKvdmUncQ\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2024-21302<\/a> will continue to be updated with additional mitigation or relevant risk reduction guidance as they become available.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36530\/Windows-Update-Takeover-Lets-An-Attacker-Revive-A-Patched-Vuln.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":57534,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[235],"class_list":["post-57533","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemicrosoftflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Windows Update Takeover Lets An Attacker Revive A Patched Vuln 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Windows Update Takeover Lets An Attacker Revive A Patched Vuln 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-29T15:06:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.cyberriskalliance.com\/wp-content\/uploads\/2024\/07\/071824_windows_start.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Windows Update Takeover Lets An Attacker Revive A Patched Vuln\",\"datePublished\":\"2024-10-29T15:06:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/\"},\"wordCount\":603,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln.jpg\",\"keywords\":[\"headline,microsoft,flaw\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/\",\"name\":\"Windows Update Takeover Lets An Attacker Revive A Patched Vuln 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln.jpg\",\"datePublished\":\"2024-10-29T15:06:49+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln.jpg\",\"width\":1091,\"height\":726},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,microsoft,flaw\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemicrosoftflaw\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Windows Update Takeover Lets An Attacker Revive A Patched Vuln\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Windows Update Takeover Lets An Attacker Revive A Patched Vuln 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/","og_locale":"en_US","og_type":"article","og_title":"Windows Update Takeover Lets An Attacker Revive A Patched Vuln 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-10-29T15:06:49+00:00","og_image":[{"url":"https:\/\/files.cyberriskalliance.com\/wp-content\/uploads\/2024\/07\/071824_windows_start.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Windows Update Takeover Lets An Attacker Revive A Patched Vuln","datePublished":"2024-10-29T15:06:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/"},"wordCount":603,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/10\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln.jpg","keywords":["headline,microsoft,flaw"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/","url":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/","name":"Windows Update Takeover Lets An Attacker Revive A Patched Vuln 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/10\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln.jpg","datePublished":"2024-10-29T15:06:49+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/10\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/10\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln.jpg","width":1091,"height":726},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/windows-update-takeover-lets-an-attacker-revive-a-patched-vuln\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,microsoft,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemicrosoftflaw\/"},{"@type":"ListItem","position":3,"name":"Windows Update Takeover Lets An Attacker Revive A Patched Vuln"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57533"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57533\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/57534"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}