Windows 7 Meltdown patch makes PCs even more vulnerable to threats

Costea Lestoc By: Costea Lestoc
2 minute read

Home » News » Windows 7 Meltdown patch makes PCs even more vulnerable to threats

A few weeks ago, Microsoft quickly rolled out a patch to fix the Spectre and Meltdown security vulnerabilities lingering in Windows 7. Unfortunately, things didn’t end up as planned because the company’s Meltdown patch actually triggered even more security issues.

The patch brought more flaws on Windows 7, allowing all user-level apps to read content from the Windows kernel. More than that, the patch even enables the writing of data to the kernel memory. Here’s what you need to know about all this.

Here’s what the Meltdown patch triggered in Windows 7

Ulf Frisk, the Swedish expert in IT security, discovered the hole that this latest Microsoft patch triggers. He did so while working on PCILeech which is a device that he made a few years ago and that carries out Direct Memory Access (DMA) attacks and also dumps protected OS memory.

According to this expert, Microsoft’s Meltdown patch for CVE-2-17-5754 managed to cause a flaw in the bit that controls the kernel memory’s access permission by accident. Frisk opened his blog post by writing:

Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse … It allowed any process to read the complete memory contents at gigabytes per second, oh – it was possible to write to arbitrary memory as well.

No fancy exploits were needed. Windows 7 already did the hard work of mapping in the required memory into every running process. Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required – just standard read and write!

Frisk continued and explained that the “User/Supervisor permission bit was set in the PML4 self-referencing entry,” and this triggered the availability of page tables to user mode code in all processes.

These page tables should only be accessible via the kernel under normal conditions. The PML4 is used by the CPU Memory Management Unit in order to translate the virtual addresses of processes into physical memory addresses in RAM.

Microsoft patches the issue with March 2018 Patch Tuesday release

According to the Swedish expert, the problem seems to have only affected 64-bit versions of Windows 7 and Windows Server 2008 R2. Microsoft fixed the flaw by flipping the PML4 permission back to the original value in the March’s Patch Tuesday. It seems that Windows 8.1 or Windows 10 computers are not affected by this issue.



Next up

Windows was unable to install your Android [FIX IT NOW]

Aleksandar Ognjanovic By: Aleksandar Ognjanovic
4 minute read

Installing Android drivers on a PC should be a walk in a park. You connect your handset with the PC via the USB cable and, […]

Continue Reading

5 ways to fix NOX emulator lag issues that really work

Daniel Segun By: Daniel Segun
6 minute read

Do you have NOX installed on your PC? Are you experiencing any form of lag while running it? This article is specially designed for you! […]

Continue Reading

What to do if ExpressVPN won’t connect after update

Daniel Segun By: Daniel Segun
6 minute read

Do you have ExpressVPN installed on your PC? Do you encounter connection problems after an update? This guide will help you out. Here, we’ll be […]

Continue Reading