Meltdown and Spectre have caused headaches for device manufacturers as well as companies which develop software. While numerous firms have rolled out patches to mitigate the effects of the vulnerabilities, things haven't gone too smoothly.
One such example is Microsoft's Meltdown patch for Windows 7 and Windows Server 2008 R2, which inadvertently paved the way to further exploits.
Security researcher Ulf Frisk noticed that Microsoft's January patches for Meltdown allowed infected processes to read and write into the physical memory, which could also lead to elevation of privileges. Importantly, this bug was extremely easy to exploit and didn't require any "fancy API or syscalls".
While Microsoft fixed this issue in March's Patch Tuesday, systems running January and February patches have been vulnerable to it, until now. The company has released the KB4100480 update for the following products:
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft has explained the vulnerability as follows:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Microsoft has advised affected users to install the update immediately and has classified the severity of the issue as "Important". Systems other than those mentioned above are safe from this exploit, and only Windows 7 and Windows Server 2008 R2 computers running January or February patches are affected. Machines running older patches are unaffected from this particular vulnerability too, since it was the January patch that introduced the memory bug in the first place.