Windows 7 Meltdown Patch Created Worse Flaw

[AtlBo]

Microsoft’s Windows 7 Meltdown patch created ‘worse’ flaw

This was patched in the March updates for 64 bit versions of Windows 7, and there was no such issue in Windows 8.1 or Windows 10.

Report states that when the original meltdown patch was applied to Windows 7 x64 in January, something went wrong in these versions of Windows. Somehow, controlling permissions for something called the Page Map Level 4 (PML4) were correspondingly misset, allowing memory to be mapped into all running processes. Normally, only the kernel should be able to do this. Attackers wouldn't need the ability to access the kernel to get memory information. This was apparently at the time unknown to Microsoft.

No fancy exploits were needed. Windows 7 already did the hard work of mapping in the required memory into every running process. Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required – just standard read and write!

Certainly good to hear this has been fixed

 

[Deleted member 65228]

I heard about this on Twitter and it was interesting. Thankfully it has been patched now anyway but still it was not a very nice thing to have read about (as in not nice it happened).

It is what it is though, and it is public knowledge that newer versions of Windows are safer anyway generally speaking.