Microsoft’s Meltdown patch has opened an even bigger security hole on Windows 7, allowing any user-level application to read content from the operating system’s kernel, and even write data to kernel memory.
Swedish IT security expert Ulf Frisk made the discovery earlier this month while working on PCILeech, a device he created a few years back for carrying out Direct Memory Access (DMA) attacks and dumping protected OS memory.
Meltdown patch gave user-level apps access to kernel memory
Frisk says that Microsoft’s Meltdown patch (for CVE-2017-5754), released in the January 2018 Patch Tuesday, accidentally flipped a bit that controls the access permission for kernel memory. Frisk explains:
The PML4 is the base of the 4-level in-memory page table hierarchy that the CPU Memory Management Unit (MMU) uses to translate the virtual addresses of a process into physical memory addresses in RAM.
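Why one permission bit at the top of that hierarchy matters, as an added example that is not from the original article or from Frisk's tooling: it splits a virtual address into the four table indices and computes the user-mode rights of a translation from the entries on the walk. It assumes standard x86-64 4-level paging with 4 KiB pages and uses the architectural User/Supervisor flag (bit 2 of each entry); the article does not name the bit, and the address and entry values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* x86-64 paging-structure entry flag bits (architectural, same at every level). */
#define PTE_PRESENT (1ULL << 0)
#define PTE_WRITE   (1ULL << 1)
#define PTE_USER    (1ULL << 2)   /* 0 = supervisor only, 1 = user mode allowed */

/* Index into the table at a level: 4 = PML4, 3 = PDPT, 2 = PD, 1 = PT.
   Each level consumes 9 address bits above the 12-bit page offset. */
static unsigned table_index(uint64_t vaddr, int level)
{
    return (unsigned)((vaddr >> (12 + 9 * (level - 1))) & 0x1FF);
}

/* Effective user-mode rights for one 4 KiB translation.
   walk[0] is the PML4 entry, walk[3] the PT entry.
   Returns 0 = no user access, 1 = user read, 2 = user read/write. */
static int user_access(const uint64_t walk[4])
{
    int writable = 1;
    for (int i = 0; i < 4; i++) {
        if (!(walk[i] & PTE_PRESENT)) return 0;
        if (!(walk[i] & PTE_USER))    return 0;  /* one supervisor-only level blocks user mode */
        if (!(walk[i] & PTE_WRITE))   writable = 0;
    }
    return writable ? 2 : 1;
}

/* Constructed walk: lower levels are permissive, only the PML4 U/S bit varies. */
static int demo_access(int pml4_user)
{
    const uint64_t lower = PTE_PRESENT | PTE_WRITE | PTE_USER;
    uint64_t walk[4] = { PTE_PRESENT | PTE_WRITE, lower, lower, lower };
    if (pml4_user) walk[0] |= PTE_USER;
    return user_access(walk);
}

int main(void)
{
    uint64_t vaddr = 0xFFFFF80000001000ULL;  /* constructed kernel-half address */
    printf("PML4=%u PDPT=%u PD=%u PT=%u\n", table_index(vaddr, 4),
           table_index(vaddr, 3), table_index(vaddr, 2), table_index(vaddr, 1));
    printf("PML4 entry supervisor-only: user access = %d\n", demo_access(0));
    printf("PML4 entry user bit set:    user access = %d\n", demo_access(1));
    return 0;
}
```

Each PML4 entry covers 512 GiB of virtual address space, so the flag in that single entry gates user-mode access to everything mapped beneath it.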
Issue silently patched in March Patch Tuesday
This issue affected only 64-bit versions of Windows 7 and Windows Server 2008 R2, Frisk said. We say affected because Microsoft patched the bug by flipping the PML4 permission bit back to its original value in this month’s Patch Tuesday.
Windows 7 and Server 2008 R2 users should make sure they installed both the January 2018 and March 2018 Patch Tuesday releases.