Security News IT must patch against Total Meltdown now: The source code is on GitHub

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it's freely available.

  • The source code for the Total Meltdown vulnerability is now on GitHub, putting 64-bit versions of Win7 and Server 2008 R2 at risk.
  • Users that have the KB 4100480, 4093108 or 4093118 patches installed, or have not completed any 2018 updates, should be safe from Total Meltdown.
The source code for Total Meltdown, a vulnerability created when Microsoft tried to patch the initial Meltdown flaw, is now available on GitHub.
A person known as XPN, whose blog lists them as a hacker and infosec researcher, posted details of a working exploit that takes advantage of Total Meltdown on Monday. In addition to that blog post, the source code for the exploit is now on GitHub, too.
In the blog post, XPN describes Total Meltdown as a "pretty awesome" vulnerability in that it allows "any process to access and modify page table entries." XPN also noted that the goal was to create an exploit that could "elevate privileges during an assessment," but it was only to help other people understand the exploitation technique, not to create a ready-to-use attack.

For those unfamiliar, Total Meltdown was originally created from a botched patch Microsoft issued for the original Meltdown flaw—of the Spectre/Meltdown fame. Whereas the original Meltdown flaw was read-only, Total Meltdown also provides write access.

If you're worried about XPN's exploit, or any issues with Total Meltdown, it should be noted that it only affects 64-bit versions of Win7 and Server 2008 R2. As noted by the Woody on Windows column in Computerworld, the following patches introduced Total Meltdown:
....
....
....
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Try this tool for Meltdown and Spectre detection on your Windows machine.

screenshot.png


Source: GRC | InSpectre
 

MeltdownEnemy

Level 7
Verified
Well-known
Jan 25, 2018
300
It is clear that MS no longer wants to work on Win7; for that reason they decided to sabotage the system most loved by the people who hate Windows 10 and its espionage.
 

Deleted member 65228

[Removed and merged into post below]
 

Deleted member 65228

@upnorth On Windows 7 x64 systems, if you have the Meltdown patch, you're vulnerable to Total Meltdown which is even worse.

Total Meltdown allows kernel page table modification (write access), whereas the original Meltdown only allowed read access to kernel memory... Well, now there's some write access!

You are lucky to have the Spectre patch, while my Haswell gaming rig is vulnerable to Spectre forever.
Spectre is harder to exploit than Meltdown and while it was/is still an issue which should be taken on board, the media was scaring people.

The requirement of Spectre which you should be aware of is that it requires arbitrary code execution within the address space of the target process. With Meltdown, you could... read kernel-memory from your own launcher (for example). With Spectre, you'd need to perform Remote Code Execution to gain arbitrary code execution within the target (unless of course you were performing exploitation from JavaScript being deployed on a website the user navigates to for a browser exploitation attempt). Bear in mind that Spectre is for reading memory you shouldn't have had access to for a specific process being exploited, whereas Meltdown was for kernel memory read access (which shouldn't have been allowed).

1. Anti-Virus/Internet Security products which have self-defense capabilities should be protected against Spectre by default, as long as self-defense is enabled. Without an additional exploit to bypass the self-defense of the security solution, you won't be able to perform the RCE.

2. Google Chrome has a 'Site Isolation' feature which will reduce damage in the event of web-based Spectre exploitation (for example). I am sure that Microsoft and Firefox have their own similar techniques. Regarding the 'Site Isolation' feature, the reason it minimizes damage is because while it does not PREVENT the exploitation of Spectre, the data which can be accessed by the attacker post-exploitation will be reduced... As I mentioned before, you can only affect a target in which you have code execution under, and therefore since the 'Site Isolation' feature will cause a new process per tab document, it means the attacker will only have access to the memory of the process responsible for the document which loaded the malicious JavaScript... and thus the memory of the other browser processes won't be affected during the attack.

3. Security solutions like AppGuard which have a memory protection feature can be utilized.

Microsoft have already deployed some good defenses for Spectre. For starters, they made an update to Visual Studio so developers can enable a new setting and allow Visual Studio to insert the LFENCE instruction (from the x86 architecture) where required. The LFENCE instruction basically says, "Slow down speculative execution, you shall not pass until I say so".

Use the security features of your web-browser and if you happen to be affected by Spectre on another target (e.g. locally and not the web-browser), it means your environment had already become compromised and thus Spectre or no Spectre, it's game over and you failed.

It is clear that MS no longer wants to work on Win7; for that reason they decided to sabotage the system most loved by the people who hate Windows 10 and its espionage.
You could argue that it is not the problem of anyone except the person left vulnerable for using an old version of Windows. New versions of Windows are made for a reason, and whether an old version of Windows is still "supported" or not, they won't be identical in terms of internal security.
 
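The LFENCE mitigation described in the post above, as an added example (not code from the post, from XPN, or from Microsoft): a bounds-checked table lookup in the Spectre-v1 shape, first unguarded, then with the fence after the check, plus a branchless index-mask variant that goes one step beyond what the post mentions. The table contents and the "secret" buffer are constructed; SPEC_BARRIER and the function names are this example's own.

```c
/* Spectre v1 (bounds-check bypass) pattern beside two hardened forms.
 * Added example for this thread; not code from the post or from Microsoft.
 * All data below is constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>                /* _mm_lfence(): x86 load fence */
#define SPEC_BARRIER() _mm_lfence()   /* loads after it wait for the branch to resolve */
#else
/* Non-x86 fallback (assumption): only a compiler barrier; the real fence is architecture-specific */
#define SPEC_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

#define TABLE_SIZE 16

/* Constructed public lookup table */
static const uint8_t public_table[TABLE_SIZE] = {
    0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7,
    0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF
};

/* Constructed sensitive data placed after the table: the kind of memory an
 * out-of-range speculative read would touch. The hardened paths never reach it. */
static const char secret[] = "constructed-secret-value";

/* Return the table byte at idx, or -1 if idx is out of range.
 *
 * Architecturally correct, but a Spectre-v1 pattern: while the branch predictor is
 * still guessing the outcome of "idx < TABLE_SIZE", the CPU may speculatively perform
 * public_table[idx] with an out-of-range idx and leave a cache footprint that depends
 * on whatever byte sits there. The result is discarded; the footprint is not. */
int lookup_unguarded(size_t idx)
{
    if (idx < TABLE_SIZE)
        return public_table[idx];
    return -1;
}

/* Hardened form 1: a load fence right after the bounds check. This is the shape of
 * mitigation the post describes Visual Studio inserting: the dependent load cannot
 * issue until the branch has actually resolved. */
int lookup_lfence(size_t idx)
{
    if (idx < TABLE_SIZE) {
        SPEC_BARRIER();
        return public_table[idx];
    }
    return -1;
}

/* Hardened form 2 (beyond the post): clamp the index without a branch so that even a
 * mispredicted path reads inside the table. (size_t)0 - 1 wraps to all ones. */
static size_t index_nospec(size_t idx, size_t size)
{
    size_t mask = (size_t)0 - (size_t)(idx < size);   /* all ones if in range, else 0 */
    return idx & mask;
}

int lookup_masked(size_t idx)
{
    if (idx >= TABLE_SIZE)
        return -1;
    return public_table[index_nospec(idx, TABLE_SIZE)];
}

int main(void)
{
    size_t probes[] = { 3, TABLE_SIZE, 200 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("idx=%3zu unguarded=%4d lfence=%4d masked=%4d\n", probes[i],
               lookup_unguarded(probes[i]), lookup_lfence(probes[i]),
               lookup_masked(probes[i]));
    (void)secret;
    return 0;
}
```

All three functions return the same values architecturally; the difference is only in what the CPU may do before the bounds-check branch resolves. The fence costs a pipeline stall at every guarded check, which is why compilers only insert it at sites that match the pattern; the mask variant is what portable code uses where no fence is available.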

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,706
@upnorth On Windows 7 x64 systems, if you have the Meltdown patch, you're vulnerable to Total Meltdown which is even worse.

Total Meltdown allows kernel page table modification (write access), whereas the original Meltdown only allowed read access to kernel memory... Well, now there's some write access!


Spectre is harder to exploit than Meltdown and while it was/is still an issue which should be taken on board, the media was scaring people.

The requirement of Spectre which you should be aware of is that it requires arbitrary code execution within the address space of the target process. With Meltdown, you could... read kernel-memory from your own launcher (for example). With Spectre, you'd need to perform Remote Code Execution to gain arbitrary code execution within the target (unless of course you were performing exploitation from JavaScript being deployed on a website the user navigates to for a browser exploitation attempt). Bear in mind that Spectre is for reading memory you shouldn't have had access to for a specific process being exploited, whereas Meltdown was for kernel memory read access (which shouldn't have been allowed).

1. Anti-Virus/Internet Security products which have self-defense capabilities should be protected against Spectre by default, as long as self-defense is enabled. Without an additional exploit to bypass the self-defense of the security solution, you won't be able to perform the RCE.

2. Google Chrome has a 'Site Isolation' feature which will reduce damage in the event of web-based Spectre exploitation (for example). I am sure that Microsoft and Firefox have their own similar techniques. Regarding the 'Site Isolation' feature, the reason it minimizes damage is because while it does not PREVENT the exploitation of Spectre, the data which can be accessed by the attacker post-exploitation will be reduced... As I mentioned before, you can only affect a target in which you have code execution under, and therefore since the 'Site Isolation' feature will cause a new process per tab document, it means the attacker will only have access to the memory of the process responsible for the document which loaded the malicious JavaScript... and thus the memory of the other browser processes won't be affected during the attack.

3. Security solutions like AppGuard which have a memory protection feature can be utilized.

Microsoft have already deployed some good defenses for Spectre. For starters, they made an update to Visual Studio so developers can enable a new setting and allow Visual Studio to insert the LFENCE instruction (from the x86 architecture) where required. The LFENCE instruction basically says, "Slow down speculative execution, you shall not pass until I say so".

Use the security features of your web-browser and if you happen to be affected by Spectre on another target (e.g. locally and not the web-browser), it means your environment had already become compromised and thus Spectre or no Spectre, it's game over and you failed.


You could argue that it is not the problem of anyone except the person left vulnerable for using an old version of Windows. New versions of Windows are made for a reason, and whether an old version of Windows is still "supported" or not, they won't be identical in terms of internal security.

Thanks for the heads-up. I just checked ASUS news regarding the Spectre and Meltdown vulnerabilities and it seems like ASUS will patch all Z97 boards this time.

ASUS Motherboards Microcode Update for Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method
 

ForgottenSeer 69673

I was not able to find the BIOS patch via Intel or Dell sites but when I reinstalled the Dell Support assistant, it found the new BIOS code and now I am good to go. Went from A08 to A09.
 

Deleted member 178

You could argue that it is not the problem of anyone except the person left vulnerable for using an old version of Windows. New versions of Windows are made for a reason, and whether an old version of Windows is still "supported" or not, they won't be identical in terms of internal security.
+1, unless your hardware can't handle Win10; if it can, not upgrading is being a fool security-wise.
 
