Meltdown Patch Opened Bigger Security Hole on Windows 7

Haythem Elmir

Microsoft’s Meltdown patch has opened an even bigger security hole on Windows 7, allowing any user-level application to read content from the operating system’s kernel, and even write data to kernel memory.

Swedish IT security expert Ulf Frisk made the discovery earlier this month while working on PCI Leech, a device he created a few years back for carrying out Direct Memory Access (DMA) attacks and dumping protected OS memory.

Meltdown patch gave user-level apps access to kernel memory

Frisk says that Microsoft’s Meltdown patch (for CVE-2017-5754), released in the January 2018 Patch Tuesday, accidentally flipped a bit that controls the access permission for kernel memory. Frisk explains:

In short – the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.

The PML4 is the base of the 4-level in-memory page table hierarchy that the CPU Memory Management Unit (MMU) uses to translate the virtual addresses of a process into physical memory addresses in RAM.
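
The check that Frisk's description implies, as an added example (not code from the article, Frisk or Microsoft): it finds the self-referencing entry in a PML4 and reports whether its User/Supervisor bit permits user-mode access. Bit positions follow the x86-64 page-table entry layout; the physical address 0x1ab000, the index 0x100 and the helper names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PTE_PRESENT  (1ULL << 0)             /* entry is valid */
#define PTE_WRITE    (1ULL << 1)             /* R/W: 1 = writable */
#define PTE_USER     (1ULL << 2)             /* U/S: 1 = user mode allowed, 0 = supervisor only */
#define PTE_FRAME    0x000FFFFFFFFFF000ULL   /* bits 12..51: physical address of next table */
#define PML4_ENTRIES 512

/* Index of the entry that points back at the PML4's own physical page, or -1. */
int find_selfref(const uint64_t *pml4, uint64_t pml4_phys) {
    for (int i = 0; i < PML4_ENTRIES; i++)
        if ((pml4[i] & PTE_PRESENT) && (pml4[i] & PTE_FRAME) == (pml4_phys & PTE_FRAME))
            return i;
    return -1;
}

/* 1 if the self-referencing entry exists and is marked User. */
int selfref_user_accessible(const uint64_t *pml4, uint64_t pml4_phys) {
    int i = find_selfref(pml4, pml4_phys);
    return i >= 0 && (pml4[i] & PTE_USER) != 0;
}

/* Build a constructed sample table: empty except for one self-referencing entry. */
void make_sample_pml4(uint64_t *pml4, uint64_t pml4_phys, int idx, int user) {
    memset(pml4, 0, PML4_ENTRIES * sizeof(uint64_t));
    pml4[idx] = (pml4_phys & PTE_FRAME) | PTE_PRESENT | PTE_WRITE | (user ? PTE_USER : 0);
}

int main(void) {
    static uint64_t pml4[PML4_ENTRIES];
    const uint64_t phys = 0x1ab000ULL;  /* constructed sample physical address */
    const int idx = 0x100;              /* constructed sample index */
    for (int user = 0; user <= 1; user++) {  /* supervisor-only first, then the flipped bit */
        make_sample_pml4(pml4, phys, idx, user);
        printf("self-ref entry %#x = %#llx -> %s\n", (unsigned)find_selfref(pml4, phys),
               (unsigned long long)pml4[idx],
               selfref_user_accessible(pml4, phys) ? "USER (page tables exposed)" : "supervisor only");
    }
    return 0;
}
```

The two sample entries differ only in bit 2, which is the single-bit change the article describes.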

Issue silently patched in March Patch Tuesday

This issue affected only 64-bit versions of Windows 7 and Windows Server 2008 R2, Frisk said. We say affected because Microsoft patched the bug by flipping the PML4 permission bit back to its original value in this month’s Patch Tuesday.

Windows 7 and Server 2008 R2 users should make sure they installed both the January 2018 and March 2018 Patch Tuesday releases.