Microsoft's Meltdown patches made Windows 7 and Server 2008 less secure

Reading time icon 1 min. read


Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

Last month Microsoft worked with companies to release patches to fix Spectre and Meltdown vulnerabilities. As it turns out, Microsoft might have messed up with the updates.

The company released patches for Windows 7 and Server 2008 as well which created a new loophole. The new security issue was found out by a Swedish security researcher.

In short — the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.

The PML4 is the base of the 4-level in-memory page table hierarchy that the CPU Memory Management Unit (MMU) uses to translate the virtual addresses of a process into physical memory addresses in RAM.

On a good note, the issue is just with the 64-bit version of Windows and Microsoft has already released a fix for it in the March updates. So if you’re using Windows 7 or Server 2008 R2 then make sure you have the latest updates installed.

Source: Frizk; Via: Beta News

More about the topics: Meltdown and Spectre, microsoft, windows

Leave a Reply

Your email address will not be published. Required fields are marked *