Microsoft's Meltdown patch for Windows 10 has a 'fatal flaw'
If you've not updated to Windows 10 April 2018 Update but you have installed Microsoft's Meltdown patches from a few months ago, your computer is vulnerable to a "fatal flaw".
This is not the first time a patch for the Meltdown vulnerability has led to problems with Windows, but previously it was Windows 7 and Windows Server 2008 that were affected. A security researcher found that Microsoft's patch for Windows 10 "undermined the mitigation", and while the problem has been fixed in the April 2018 Update, the company is still working on backporting an updated patch for older versions of Windows 10.
Self-described "security ninja" Alex Ionescu revealed the problem, saying: "Welp, it turns out the #Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation."
The problem essentially renders the Meltdown patch for Windows 10 useless. Redstone 4 builds of Windows 10 (that is, Windows 10 April 2018 Update, or build 1803) were quietly updated with a patch, but everyone else will have to wait a little longer.
The security expert shared his concerns in a tweet:
Welp, it turns out the #Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation. This is now patched on RS4 but not earlier builds -- no backport?? pic.twitter.com/VIit6hmYK0
— Alex Ionescu (@aionescu) May 2, 2018
There's currently no hint of just when a new patch will be ready for users of older versions of Windows 10, but Microsoft said to Bleeping Computer: "We are aware and are working to provide customers with an update."