Microsoft’s Meltdown Patch Made Windows 7 PCs Less Secure

Security circles were thrown into disarray late last year when serious bugs known as Meltdown and Spectre threatened to leak private data from computers around the world. The industry spent months developing patches while the public remained unaware of the danger. Updates only began rolling out early this year, and many of them have been buggy or downright broken. In fact, it sounds like Microsoft’s Meltdown patch didn’t even make Windows 7 more secure. It actually did the opposite.

Meltdown and Spectre are so dangerous because they affect one of the most important low-level features of CPUs known as speculative execution. That’s a process by which a processor can perform calculations you are likely to need before being instructed to do so. The result is improved system responsiveness. However, Meltdown and Spectre can allow a rogue process to take advantage of speculative execution and read all active memory, including sensitive data like passwords.

These vulnerabilities affected most modern CPU designs, particularly Intel’s chips. Microsoft has to deal with virtually all CPU architectures, so its patches are particularly important. Swedish security researcher Ulf Frisk reports that Microsoft’s patch for Meltdown doesn’t prevent data leakage on Windows 7. It actually accelerated the process of reading secure data instead. Originally, Meltdown could allow a process to read memory at a rate of 120Kbps, but that increased to multiple gigabits per second after the patch.

According to Frisk, the new flaw affects most versions of Windows 7 and Server 2008 R2. The issue stems from a single bit in the kernel's page tables, which translate memory addresses, that controls access permissions for kernel memory. That bit was accidentally flipped from supervisor-only to any user. As a result, all users of a system have unfettered access to the kernel page tables, which should only be accessible to the kernel.

Frisk created a proof-of-concept exploit, which runs on 64-bit versions of Windows 7 and Server 2008 R2. The PML4 page table is in a fixed memory location, so no “fancy” tricks are needed to utilize the Meltdown attack. After gaining read-write access, you can read all the physical memory at a much faster rate than before the patch.
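As an added illustration (not code from Frisk or Microsoft), the following C program decodes the user/supervisor permission bit described above and audits a PML4 table for kernel-half entries that user mode is allowed to reach. It works on a constructed in-memory table only; the function names, the sample entries and the flipped index 300 are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Flag bits common to x86-64 paging-structure entries (4-level paging). */
#define PTE_PRESENT  (1ULL << 0)  /* P: entry is valid */
#define PTE_WRITABLE (1ULL << 1)  /* R/W: writes allowed */
#define PTE_USER     (1ULL << 2)  /* U/S: 1 = user mode allowed, 0 = supervisor only */
#define PML4_ENTRIES 512
#define KERNEL_HALF  256          /* indices 256..511 cover the upper (kernel) half */

/* Lowest canonical virtual address translated through PML4 entry idx. */
uint64_t pml4_index_base(int idx)
{
    uint64_t va = (uint64_t)idx << 39;   /* each PML4 entry spans 512 GiB */
    return idx >= KERNEL_HALF ? (va | 0xFFFF000000000000ULL) : va;
}

/* Count present kernel-half entries with U/S set; *first gets the lowest such
 * index or -1. User access needs U/S at every level of the walk, so a hit is
 * a candidate for review rather than proof of exposure. */
int audit_pml4(const uint64_t *pml4, int *first)
{
    int hits = 0;
    *first = -1;
    for (int i = KERNEL_HALF; i < PML4_ENTRIES; i++) {
        if (!(pml4[i] & PTE_PRESENT) || !(pml4[i] & PTE_USER)) continue;
        if (*first < 0) *first = i;
        hits++;
    }
    return hits;
}

/* Constructed sample table, not a real dump. flipped < 0 keeps the kernel half supervisor-only. */
void make_sample(uint64_t *pml4, int flipped)
{
    memset(pml4, 0, PML4_ENTRIES * sizeof(uint64_t));
    pml4[0]   = 0x0000000012345000ULL | PTE_PRESENT | PTE_WRITABLE | PTE_USER; /* user half */
    pml4[256] = 0x0000000000187000ULL | PTE_PRESENT | PTE_WRITABLE;
    pml4[300] = 0x0000000000199000ULL | PTE_PRESENT | PTE_WRITABLE;
    if (flipped >= 0) pml4[flipped] |= PTE_USER;   /* simulate the flipped permission bit */
}

int main(void)
{
    uint64_t table[PML4_ENTRIES];
    int first;
    make_sample(table, 300);                       /* constructed: entry 300 has U/S set */
    int n = audit_pml4(table, &first);
    printf("%d kernel-half entries allow user access; first index %d, VA base 0x%016llx\n",
           n, first, (unsigned long long)pml4_index_base(first));
    return 0;
}
```

The user-half entry at index 0 legitimately carries the user bit and is ignored; only entries covering the kernel half are reported.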

A fix for the exploit in the last patch has already been developed. Microsoft began rolling it out on Tuesday. All users of Windows 7 or Server 2008 R2 should manually run the update checker if they haven’t already. Hopefully, this is the last do-over Microsoft will need to get these exploits blocked.
