Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions.
The vulnerabilities are listed below -

CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-21302 (CVSS



Source: TheHackerNews
Source Link: https://thehackernews.com/2024/08/windows-downgrade-attack-risks-exposing.html