Microsoft Working on a Fix for Windows 10 Meltdown Patch Bypass

Haythem Elmir 6 ans ago
0 1
Read Time1 Minute, 44 Second

Microsoft’s patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike.

Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday.

« Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation, » Ionescu wrote.

 

Ionescu pointed out that older versions of Windows 10 are still running with outdated and bypass-able Meltdown patches.

Microsoft patched another —unrelated— vulnerability today

Microsoft issued today an security update, but it wasn’t to backport the « fixed » Meltdown patches for older Windows 10 versions.

Instead, the emergency update fixed a vulnerability in the Windows Host Compute Service Shim (hcsshim) library (CVE-2018-8115) that allows an attacker to remotely execute code on vulnerable systems.

Microsoft classified CVE-2018-8115 as a « critical » issues. A patched hcsshim file is available for download from GitHub.

Backported patches are on the way

« We are aware and are working to provide customers with an update, » a Microsoft spokesperson told Bleeping Computer today in an email.

It may be that if Microsoft doesn’t bundle these fixes in an out-of-band update, they will most likely arrive in Microsoft’s May 2018 Patch Tuesday, but this is only our speculation.

Microsoft released its Meltdown and Spectre patches on January 4, a day after security researchers disclosed the two flaws, vulnerabilities that allow attackers to retrieve data from protected areas of modern CPUs.

The Redmond-based OS maker has had a hard time patching the two flaws, and the company recently issued additional security updates to fix the original Spectre mitigations, and also deliver Intel CPU microcode updates, as a favor to Intel.

To read the original article;

https://www.bleepingcomputer.com/news/security/microsoft-working-on-a-fix-for-windows-10-meltdown-patch-bypass/

About Post Author

Haythem Elmir

haythem.elmir@keystone.tn
http://ww.cyber.tn
Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
100 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%
(Add your review)

Laisser un commentaire

Next Post

New Rowhammer attack can be used to hack Android devices remotely

ven Mai 4 , 2018
Researchers from Vrije Universiteit in Amsterdam have demonstrated that it is possible to use a Rowhammer attack to remotely hack Android phones. What is a Rowhammer attack? “The Rowhammer attack targets the design of DRAM memory. On a system where the DRAM is insufficiently refreshed, targeted operations on a row […]

You May Like