Microsoft Updates to Meltdown (CVE-2017-5754) appear to have accidentally left themselves exposed users που χρησιμοποιούν συστήματα Windows 7 64-bit. Τα συγκεκριμένα συστήματα φέρεται να είναι ευπαθή πολύ περισσότερο από ότι ήταν πριν την ενημέρωση, σύμφωνα με a researcher.
Let's remind that Meltdown is a hardware vulnerability that proved almost simultaneously by several groups of researchers.
The vulnerability allows an attacker to access the contents of kernel memory in passwords and encryption keys that is, from a part used by common applications.
So Microsoft and many other companies tried to fix the vulnerability by updating operating systems (except for BIOS updates from manufacturers). So we saw two different updates for Windows in January and February.
But according to Ulf Frisk, something went wrong right from the first update released in January, when it was installed on systems running Windows 7 and Windows Server 2008 R2. The update skipped some permissions control for something called Page Map Level 4 (PML4).
What is this;
It is a table used by Intel microprocessors to translate the virtual addresses of a process into physical memory addresses in RAM.
However, only the kernel must have access to this table. Because if things do not happen, they are very simple for every attacker.
It will not need smart exploits, since Windows 7 does all the hard work of mapping the required memory in every current process. The exploit is just a matter of reading and writing to an already paired virtual memory in operation. No complicated APIs or syscalls are required.
According to Frisk, the update was released on March Microsoft has fixed the problem on Windows 10, 8, and 7 32bit. This means that Windows 7 x64 systems that receive only the January and / or February updates are still affected.
Seeing systems more vulnerable (than before) after a security update is something we do not often see.
First there was an update on the flaw, which created a new and distinct defect, which required a new solution for repair.
But to be fair, Microsoft may have written the buggy code, but it was trying to cover completely security flaws that originated in the way hardware was designed two decades ago.
After the above, we should emphasize once again the importance of directness applicationof any new updates.
OK with Microsoft good will be to wait a few days, especially in production systems.
- Google Maps updated application with a Macedonian. Shake
- Microsoft Office 2016 from the company's servers