As we pointed out in a previous article, the hotfix that Microsoft rolled out to Windows 7 computers in order to patch Metdown vulnerabilities actually did more harm than good.
The patch made the OS even more vulnerable to threats. More specifically, the update allows all user-level apps to access and read content from the Windows kernel and even enables the writing of data to the kernel memory.
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
KB4100480 fixes security issues caused by previous Meltdown updates
The good news is that you can now fix this problem by downloading the latest Windows 7 updates. Microsoft recently released KB4100480 to all Windows 7 users in order to fix this elevation of privilege vulnerability for good.
So, if you haven’t updated your Windows 7 computer since January, go to the Update page and check for updates. You can also download and install KB4100480 directly from Microsoft’s Update Catalog website.
For the time being, there are no bug reports as far as the installation process is concerned. Users haven’t reported any issues at all after installing the update, so everything should go smoothly.
Speaking of the Meltdown vulnerability, you can use the guides listed below to test your computer and check if it’s vulnerable to Spectre/Meltdown:
- Download this tool to check if computer is vulnerable to Meltdown & Spectre
- Download InSpectre to check for CPU performance issues
RELATED STORIES TO CHECK OUT:
- Intel’s 8th gen CPUs bring a new hardware design to block Spectre & Meltdown
- Microsoft pays you $250,000 to find bugs in its programs
- Edge and IE get enhanced protection against the latest CPU security bugs