Windows 7 Meltdown patch makes PCs even more vulnerable to threats

By: Costea Lestoc

A few weeks ago, Microsoft quickly rolled out a patch to fix the Spectre and Meltdown security vulnerabilities lingering in Windows 7. Unfortunately, things didn’t end up as planned because the company’s Meltdown patch actually triggered even more security issues.

The patch introduced more flaws in Windows 7, allowing all user-level apps to read content from the Windows kernel. Worse, the patch even allows data to be written to kernel memory. Here’s what you need to know about all this.

Here’s what the Meltdown patch triggered in Windows 7

Ulf Frisk, a Swedish IT security expert, discovered the hole that this latest Microsoft patch opened. He did so while working on PCILeech, a device he made a few years ago that carries out Direct Memory Access (DMA) attacks and dumps protected OS memory.

According to Frisk, Microsoft’s Meltdown patch for CVE-2017-5754 accidentally introduced a flaw in the bit that controls access permission for kernel memory. Frisk opened his blog post by writing:

Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse … It allowed any process to read the complete memory contents at gigabytes per second, oh – it was possible to write to arbitrary memory as well.

No fancy exploits were needed. Windows 7 already did the hard work of mapping in the required memory into every running process. Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required – just standard read and write!

Frisk continued and explained that the “User/Supervisor permission bit was set in the PML4 self-referencing entry,” and this triggered the availability of page tables to user mode code in all processes.

These page tables should only be accessible via the kernel under normal conditions. The PML4 is used by the CPU Memory Management Unit in order to translate the virtual addresses of processes into physical memory addresses in RAM.
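As an added illustration (not code from this article or from Frisk's post), the check below takes a copy of a PML4 page, such as one read from a memory image, locates the self-referencing entry and reports whether its User/Supervisor bit is set. The sample table, slot 0x100 and physical address 0x187000 are constructed values, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PTE_PRESENT 0x001ULL               /* bit 0: entry is valid */
#define PTE_WRITE   0x002ULL               /* bit 1: writable */
#define PTE_USER    0x004ULL               /* bit 2: User/Supervisor, 1 = user mode allowed */
#define PTE_ADDR    0x000FFFFFFFFFF000ULL  /* bits 12-51: physical frame address */

/* Index of the present entry that points back at the PML4's own frame, or -1. */
int find_self_ref(const uint64_t *pml4, uint64_t pml4_phys)
{
    for (int i = 0; i < 512; i++)
        if ((pml4[i] & PTE_PRESENT) && (pml4[i] & PTE_ADDR) == (pml4_phys & PTE_ADDR))
            return i;
    return -1;
}

/* 1 = self-reference is user-accessible (the flawed state),
 * 0 = supervisor-only (the expected state), -1 = no self-reference found. */
int self_ref_user_accessible(const uint64_t *pml4, uint64_t pml4_phys)
{
    int i = find_self_ref(pml4, pml4_phys);
    return i < 0 ? -1 : (pml4[i] & PTE_USER) ? 1 : 0;
}

/* Constructed sample table; the slot and addresses are made up for the demo. */
void build_sample_pml4(uint64_t *pml4, uint64_t phys, int slot, int user)
{
    memset(pml4, 0, 512 * sizeof(uint64_t));
    pml4[0] = 0x2000ULL | PTE_PRESENT | PTE_WRITE | PTE_USER; /* ordinary user-space mapping */
    pml4[5] = phys;                                            /* stale, not present: must be ignored */
    pml4[slot] = phys | PTE_PRESENT | PTE_WRITE | (user ? PTE_USER : 0);
}

int main(void)
{
    static uint64_t pml4[512];
    const uint64_t phys = 0x187000ULL;  /* constructed physical address of the PML4 */
    for (int user = 1; user >= 0; user--) {  /* flawed state first, then corrected state */
        build_sample_pml4(pml4, phys, 0x100, user);
        printf("U/S=%d -> self-ref slot %d, user-accessible: %d\n", user,
               find_self_ref(pml4, phys), self_ref_user_accessible(pml4, phys));
    }
    return 0;
}
```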

Microsoft patches the issue with March 2018 Patch Tuesday release

According to the Swedish expert, the problem seems to have affected only 64-bit versions of Windows 7 and Windows Server 2008 R2. Microsoft fixed the flaw in March’s Patch Tuesday release by flipping the PML4 permission back to its original value. It seems that Windows 8.1 and Windows 10 computers are not affected by this issue.
