A computing system may be protected from revoked system updates. A computing system receives an object and scans it for revocation updates to a security structure of the computing system. The security structure is a monotonically nondecreasing collection of segments containing data on whether a system update is revoked, and a system update's status as revoked signifies the revoked system update can no longer be used by the computing system. Based upon scanning the object, the computing system identifies and validates a revocation update. The computing system resolves the revocation update by applying the revocation update to the security structure, by adding or changing one or more segments of the security structure identified by the revocation update, in response to determining that the revocation update is valid, or by denying application of the revocation update to the security structure in response to determining that the revocation update is invalid.