Updated on August 28 with the release of the unpatched Windows Downdate exploit.
Don’t you hate it when that happens? You accidentally hit publish, then delete, then realize nothing is ever really deleted online. And you watch as people post and write about the mistake, just to make it worse. Well, that’s exactly what happened with Microsoft’s seemingly serendipitous unveiling of a new and much improved Windows update—but only for the less than 30% of you who have upgraded to Windows 11.
As Latest Windows explains, “a Windows PC must restart after installing an update… but Microsoft is trying to change that with ‘hotpatching.’ Recently, Microsoft published a support document related to the feature and then removed it.”
This revelation comes courtesy of a post on X, with Phantomofearth spotting the error before it was deleted. Fortunately, the web archive shows a draft document with the somewhat telling title “Hotpatch for Windows (Ge) – 2024.08 B.” The rest of the document is, weirdly, just a blurb on how to create a support document.
The manner of all this is surprising, but we already knew hotpatching was on the way, eliminating the need for constant reboots after each update and making security patches faster and more seamless. Hotpatching, says Microsoft, “works by patching the in-memory code of running processes without the need to restart the process.”
In the current era of regular zero days, this is a significant improvement. Forbes contributor Davey Winder reported on the flurry of Windows Patch Tuesdays just this month, with “fixes for a total of 90 vulnerabilities across… Of those, Microsoft’s Security Response Center warns that five Windows vulnerabilities have confirmed and already active cyberattacks against them.”
Reboots are one of the (many) bugs of Windows. As PCWorld puts it, “it’s been routine for decades now, basically as long as Windows updates have been around. We hate it because it disrupts our workflows and forces us to start over, often at the most inconvenient times.” Hopefully, that could all change, although 70% of Windows users have not yet moved to Windows 11, of course.
This won’t completely remove rebooting; it seems certain that regular reboots will still be required and that hotpatching will be just a stopgap between them. The best information we have so far is that a reboot will be required for every third update, with two hotpatches in between. But it presents a neat option for emergency fixes.
Windows Central reported in February that “Microsoft plans to use patching in Windows 11 to deliver monthly security updates without requiring a user restart. However, that doesn’t mean you won’t have to reboot for a pending update again. Hot Patching relies on a baseline update that requires a restart every few months. This means that in an ideal world, only four monthly security updates would require a reboot per year, those in January, April, July and October.”
The “Ge” in the deleted document refers to Germanium, itself the codename for Windows 11 24H2. “We may see a republish of the support document in the future,” Latest Windows says, noting that the feature has already appeared in Insider builds and that “the Redmond giant appears to be implementing [it] with the upcoming 24H2 version update.”
It’s been a rough few months for Windows, and the latest Recall headlines won’t help as that particular privacy nightmare comes back to life. But the most worrying news for Windows users will be the release of the Downdate tool, which exploits an as-yet-unpatched vulnerability that allows an attacker to roll back a Windows installation so that the system becomes exposed to previously patched vulnerabilities.
As developer Alon Leviev explained when he previewed the tool at Black Hat USA 2024, “downgrade attacks—also known as rollback attacks—are a type of attack designed to roll back immune, fully updated software to an earlier version. They allow malicious actors to expose and exploit previously fixed/patched vulnerabilities to compromise systems and gain unauthorized access.”
Leviev’s findings were startling to say the least: “I was able to make a fully patched Windows machine vulnerable to thousands of previous vulnerabilities, turning the patched vulnerabilities into zero days and rendering the term ‘fully patched’ meaningless on any Windows machine in the world.”
Microsoft says it has “been notified of an elevation of privilege vulnerability in Windows Update, potentially allowing an attacker with root user privileges to reintroduce previously mitigated vulnerabilities or bypass certain Virtualization Based Security (VBS) features. However, an attacker attempting to exploit this vulnerability requires additional interaction from a privileged user to be successful.”
As the tool is now live—and currently not fully patched—it’s important for interested users—especially businesses—to be aware of Microsoft’s advisory:
Microsoft says that while it is working on “a security update that will mitigate this vulnerability … it is not yet available.” The company also says it’s “not aware of any attempts to exploit this vulnerability,” but warns that “the presentation about this vulnerability hosted at BlackHat on August 7 … may change the threat landscape.”
All this once again reinforces the need for ongoing support. This matters because Microsoft is still struggling to push the remaining 70% of Windows users, who can’t (given hardware limitations) or won’t (preferring Windows 10) upgrade. With just over a year to go until the end of Windows 10’s life, the flurry of recent threats will terrify anyone without ongoing security support.