March 28, 2018 09:42 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ThQyLT3hmK8/microsofts-windows-7-meltdown-fixes-from-january-and-february-made-pcs-more-insecure
Microsoft's Windows 7 Meltdown Fixes From January and February Made PCs More Insecure
Microsoft's January and February security fixes for Intel's Meltdown processor vulnerability opened up an even worse security hole on Windows 7 PCs and Server 2008 R2 boxes. From a report: This is according to researcher Ulf Frisk, who previously found glaring shortcomings in Apple's FileVault disk encryption system. We're told Redmond's early Meltdown fixes for 64-bit Windows 7 and Server 2008 R2 left a crucial kernel memory table readable and writable for normal user processes. This, in turn, means any malware on those vulnerable machines, or any logged-in user, can manipulate the operating system's memory map, gain administrator-level privileges, and extract and modify any information in RAM. The Meltdown chip-level bug allows malicious software, or unscrupulous logged-in users, on a modern Intel-powered machine to read passwords, personal information, and other secrets from protected kernel memory. But the security fixes from Microsoft for the bug, on Windows 7 and Server 2008 R2, issued in January and February, ended up granting normal programs read and write access to all of physical memory.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/ThQyLT3hmK8/microsofts-windows-7-meltdown-fixes-from-january-and-february-made-pcs-more-insecure
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot