Microsoft's Meltdown patch for Windows 10 has a 'fatal flaw'


If you've not updated to Windows 10 April 2018 Update but you have installed Microsoft's Meltdown patches from a few months ago, your computer is vulnerable to a "fatal flaw".

This is not the first time a patch for the Meltdown vulnerability has led to problems with Windows, but previously it was Windows 7 and Windows Server 2008 that were affected. A security researcher found that Microsoft's patch for Windows 10 "undermined the mitigation", and while the problem has been fixed in the April 2018 Update, the company is still working on backporting an updated patch for older versions of Windows 10.


Self-described "security ninja" Alex Ionescu revealed the problem, saying: "Welp, it turns out the #Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation."

The problem essentially renders the Meltdown patch for Windows 10 useless. Redstone 4 builds of Windows 10 (that is, Windows 10 April 2018 Update, or build 1803) were quietly updated with a patch, but everyone else will have to wait a little longer.

The security expert shared his concerns in a tweet.

There's currently no hint of just when a new patch will be ready for users of older versions of Windows 10, but Microsoft said to Bleeping Computer: "We are aware and are working to provide customers with an update."

Image credit: Production Perig / Shutterstock
