Microsoft’s Meltdown patch made Windows 7 systems more insecure
Back in January, Meltdown CPU vulnerability was detailed and users received fix from Microsoft, Apple, Google and other companies responsible for fixing the flaws from software level.
But Microsoft did a big blunder in that. In place of fixing the vulnerability, it even introduced a new vulnerability in Windows 7 computers. The new vulnerability allows any unprivileged, user-level application to read or write data from operating system’s kernel memory.
If you are not sure what is Spectre, I wrote a complete article in Spectre and Meltdown explaining how these vulnerabilities affect system.
After Microsoft released the fixes for Windows 7 PCs for the Meltdown flaw, an independent Swedish security researcher Ulf Frisk found that the new flaw even worse than Meltdown. Meltdown could allow attackers to read kernel memory at a speed of 120 KBps. After the so called fix, attackers can now read the same at a speed of Gbps.
“The issue exists because User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.”
You can even test this vulnerability on your system. Frisk explained how you can try this on affected computer using PCILeech.
The new flaw affects Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches. If your system is not patched since December 2017 or it it was patched with 2018-03 patches or later it will be secure. Other windows versions are completely secure. Windows 10 or Windows 8.1 PCs are safe as they require attackers to have physical access to a targeted system.