Windows 10 Meltdown Patch brings critical security issues of its own

Costea Lestoc By: Costea Lestoc
2 minute read
Windows 10 Meltdown Patch issues

Microsoft rolled out a few patches for the Meltdown vulnerability but it seems that they had a fatal flaw. This was reported by Alex Ionescu, a security researcher at Crowdstrike cyber-security. Ionescu tweeted that only Windows 10 patches were affected.

Older versions of Windows 10 are still exposed

Microsoft was quiet about this issue but fixed it on Windows 10 April 2018 Update which got released on April 30.

Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation,” Ionescu tweeted. He also said that older versions of Windows 10 are still running with Meltdown patched that have not been updated which exposes them to high risks.

Microsoft took care of another emergency

Microsoft issued an emergency security update that has nothing to do with the Meltdown patches. This update resolves a flaw in the Windows Host Computer Service Shim library that allowed attackers to remotely execute code on flawed systems. The company labeled the issue as critical.

A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image. To exploit the vulnerability, an attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could cause a container management service utilizing the Host Compute Service Shim library to execute malicious code on the Windows host,” Microsoft wrote in the official note.

Microsoft rolled out its Meltdown and Spectre patches on January just one day after security experts found two flaws that allow attackers retrieved data from protected areas of modern processors. It was pretty challenging for the tech giant to patch these flaws, but it did release more security updates and also helped Intel with CPU microcode updates as well.

RELATED STORIES TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patented Technologies (requires upgrade).

Discussions

Next up

Surface Pro 3 gets new security updates, install goes smoothly

Giles Ensor avatar. By: Giles Ensor
2 minute read

After recent bad news stories about updates released by Microsoft for Windows 10, that you can read here and here, it is refreshing to read (or […]

Continue Reading

Best Windows 10 antivirus software to use in 2018

Radu Tyrsina By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

Sovan Mandal avatar. By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading