Microsoft releases update that fixes problematic Meltdown patch
As if the Meltdown and Spectre chip vulnerabilities weren't bad enough in their own right, the patches designed to fix them caused a further series of problems. A Swedish researcher recently discovered that Microsoft's Meltdown fixes lowered security in Windows 7 and Windows Server 2008 R2, and now the company has issued a fix.
As the new patch is being released outside of the usual schedule, it is indicative of the importance of the security update. KB4100480 is a kernel update for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 that addresses CVE-2018-1038 problems.
- Intel failed to warn US government about Meltdown and Spectre flaws before going public
- Microsoft gives sysadmins Meltdown and Spectre detection in Windows Analytics
- Tests show how much Meltdown fixes will hit Linux system performance
- Intel releases benchmark results detailing Meltdown patch performance slowdown
Just last week, Ulf Frisk showed how Microsoft's previous Meltdown patches made it possible for anyone to read from and write to user processes, gain admin rights and modify data in memory in the 64-bit versions of Windows 7 and Windows Server 2008 R2. He says that Microsoft's latest patch appears to address the issue.
Microsoft says of the new update:
This update addresses an elevation of privilege vulnerability in the Windows kernel in the 64-Bit (x64) version of Windows. This vulnerability is documented in CVE-2018-1038. Users must apply this update to be fully protected against this vulnerability if their computers were updated in or after January 2018 by applying any of the following updates.
- 4056897 -- January 3, 2018—KB4056897 (Security-only update)
- 4056894 -- January 4, 2018—KB4056894 (Monthly Rollup)
- 4073578 -- Unbootable state for AMD devices in Windows 7 SP1 and Windows Server 2008 R2 SP1
- 4057400 -- January 19, 2018—KB4057400 (Preview of Monthly Rollup)
- 4074598 -- February 13, 2018—KB4074598 (Monthly Rollup)
- 4074587 -- February 13, 2018—KB4074587 (Security-only update)
- 4075211 -- February 22, 2018—KB4075211 (Preview of Monthly Rollup)
- 4091290 -- March 1, 2018—KB4091290
- 4088875 -- March 13, 2018—KB4088875 (Monthly Rollup)
- 4088878 -- March 13, 2018—KB4088878 (Security-only update)
- 4088881 -- March 23, 2018—KB4088881 (Preview of Monthly Rollup)
You can grab it via Windows Update, or by following the instructions on the page for the patch.