#Fail: Windows 7 Meltdown Patches From January and February Made PCs MORE Insecure

Well, this isn’t good. Ulf Frisk, the guy who highlighted that Apple had some really huge security holes in its FileVault encryption, is going public with the fact that Microsoft’s Meltdown fixes for Windows 7 made PCs more insecure as opposed to less insecure:

We’re told Redmond’s early Meltdown fixes for 64-bit Windows 7 and Server 2008 R2 left a crucial kernel memory table readable and writable for normal user processes. This, in turn, means any malware on those vulnerable machines, or any logged-in user, can manipulate the operating system’s memory map, gain administrator-level privileges, and extract and modify any information in RAM. The Meltdown chip-level bug allows malicious software, or unscrupulous logged-in users, on a modern Intel-powered machine to read passwords, personal information, and other secrets from protected kernel memory. But the security fixes from Microsoft for the bug, on Windows 7 and Server 2008 R2, issued in January and February, ended up granting normal programs read and write access to all of physical memory.

Now, if you’re running Windows 8 or 10, you’re not affected by this. But if you are running Windows 7, the March Patch Tuesday dump of fixes should address this. Thus, if you haven’t updated your Windows 7 computer, you should do so ASAP. You can copy and paste that advice for Windows Server 2008 R2 as well.

#Fail
