Meltdown patches from Microsoft made Windows 7 and Windows Server 2008 less secure
If you're running Windows 7 and you've not yet installed the March updates, now is very much the time to do so. It turns out that the Meltdown patches released in January and February actually opened up a security hole in both Windows 7 and Windows Server 2008 R2.
A Swedish security researcher found that the patches changed access permissions for kernel memory, making it possible for anyone to read from and write to user processes, gain admin rights and modify data in memory.
See also:
- Intel failed to warn US government about Meltdown and Spectre flaws before going public
- Microsoft gives sysadmins Meltdown and Spectre detection in Windows Analytics
- Tests show how much Meltdown fixes will hit Linux system performance
- Intel releases benchmark results detailing Meltdown patch performance slowdown
Writing on his blog, Ulf Frisk says that Microsoft's January and February patches "stopped Meltdown but opened up a vulnerability way worse." He goes on to say: "It allowed any process to read the complete memory contents at gigabytes per second, oh -- it was possible to write to arbitrary memory as well."
What is particularly worrying about the new security issue introduced by the supposed patches is that there was no need to take advantage of complicated exploits; data was simply there for read and write access.
Frisk explains the problem introduced by the Meltdown patch:
In short -- the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.
The PML4 is the base of the 4-level in-memory page table hierarchy that the CPU Memory Management Unit (MMU) uses to translate the virtual addresses of a process into physical memory addresses in RAM.
One (slightly) mitigating factor is that the problem only affects 64-bit versions of Windows 7 and Windows Server 2008 R2. The good news is that Microsoft's March patches fix the issue, so get installing if you haven't done so already.