UPDATED 23:22 EDT / MARCH 28 2018

Microsoft Meltdown patch introduced new vulnerability to Windows installs

Microsoft Corp.’s attempts to address the Meltdown vulnerability in Intel Corp. central processing units have opened a new vulnerability in some versions of Windows, at least according to one researcher.

The claim comes from Ulf Frisk, a security researcher based in Sweden, who wrote Tuesday that the patches released for Windows 7 x64 and Windows Server 2008 in January and February did protect against Meltdown but “opened up a vulnerability way worse” that could allow “any process to read the complete memory contents at gigabytes per second … [and] write to arbitrary memory as well.”

Explaining the technicalities of the introduced vulnerability in the patches, Frisk said that “the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself…. once read/write access has been gained to the page tables it will be trivially easy to gain access to the complete physical memory, unless it is additionally protected by Extended Page Tables used for virtualization. All one has to do is to write their own Page Table Entries into the page tables to access arbitrary physical memory.”

The issue affects only systems where the January and February patches were applied, not those with the March “Patch Tuesday” release. “Microsoft is aware of this and looking into the matter further,” the company said in a statement. “This issue impacts Win7 SP1 (x64 only) and Server 2008R2 SP1 (x64 only). We are actively testing a solution, and will make it available as soon as it is properly validated.”

Mounir Hahad, head of Juniper Threat Labs at Juniper Networks Inc., said the introduced vulnerability highlights issues with patches being released without proper testing.

“The rush to quickly close vulnerabilities is often a treacherous path that can cause undesirable side-effects,” Hahad said. “The urgency is to respond to known issues in a timely manner. It is not unheard of that some new glitches are introduced with fixes. The good news in this case is that … any system up-to-date with March patches is no longer vulnerable.”

Photo: toyochin/Flickr
