Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities
Nathan Zych
Microsoft has announced that it is developing security updates to address two loopholes that could be used to stage downgrade attacks against the Windows update architecture. These attacks could replace current versions of Windows files with older versions, exposing patched systems to old vulnerabilities.
The vulnerabilities identified are:
- CVE-2024-38202 (CVSS score: 7.3) – Windows Update Stack Elevation of Privilege Vulnerability
- CVE-2024-21302 (CVSS score: -) – Windows File Replacement Vulnerability