Well this isn’t good. Ulf Frisk who is the guy that highlighted that Apple had some really huge security holes in their FileVault encryption is going public with the fact that Microsoft’s Meltdown fixes for Windows 7 made PCs more insecure as opposed to less insecure:
We’re told Redmond’s early Meltdown fixes for 64-bit Windows 7 and Server 2008 R2 left a crucial kernel memory table readable and writable for normal user processes. This, in turn, means any malware on those vulnerable machines, or any logged-in user, can manipulate the operating system’s memory map, gain administrator-level privileges, and extract and modify any information in RAM. The Meltdown chip-level bug allows malicious software, or unscrupulous logged-in users, on a modern Intel-powered machine to read passwords, personal information, and other secrets from protected kernel memory. But the security fixes from Microsoft for the bug, on Windows 7 and Server 2008 R2, issued in January and February, ended up granting normal programs read and write access to all of physical memory.
Now if you’re running Windows 8 or 10, you’re not affected by this. But if you are running Windows 7, the March Patch Tuesday dump of fixes should address this. Thus if you haven’t updated your Windows 7 computer, you should do so ASAP. You can copy and past that advice for Windows Server 2008 R2 as well.
#Fail
Like this:
Like Loading...
Related
This entry was posted on March 29, 2018 at 8:49 am and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
#Fail: Windows 7 Meltdown Patches From January and February Made PCs MORE Insecure
Well this isn’t good. Ulf Frisk who is the guy that highlighted that Apple had some really huge security holes in their FileVault encryption is going public with the fact that Microsoft’s Meltdown fixes for Windows 7 made PCs more insecure as opposed to less insecure:
We’re told Redmond’s early Meltdown fixes for 64-bit Windows 7 and Server 2008 R2 left a crucial kernel memory table readable and writable for normal user processes. This, in turn, means any malware on those vulnerable machines, or any logged-in user, can manipulate the operating system’s memory map, gain administrator-level privileges, and extract and modify any information in RAM. The Meltdown chip-level bug allows malicious software, or unscrupulous logged-in users, on a modern Intel-powered machine to read passwords, personal information, and other secrets from protected kernel memory. But the security fixes from Microsoft for the bug, on Windows 7 and Server 2008 R2, issued in January and February, ended up granting normal programs read and write access to all of physical memory.
Now if you’re running Windows 8 or 10, you’re not affected by this. But if you are running Windows 7, the March Patch Tuesday dump of fixes should address this. Thus if you haven’t updated your Windows 7 computer, you should do so ASAP. You can copy and past that advice for Windows Server 2008 R2 as well.
#Fail
Share this:
Like this:
Related
This entry was posted on March 29, 2018 at 8:49 am and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.