Welcome Stranger to OCC!Login | Register

Microsoft's Windows 10 Meltdown Patch Had/Has Critical Vulnerability

Category: Operating Systems
Posted: 08:50AM

This is likely a bit embarrassing for Microsoft, as security researchers discovered its patch for Windows 10 to protect against the Meltdown vulnerability itself had a vulnerability. The researchers discovered calling NtCallEnclave would return to the user space the full kernel page table directory. In other words, if that call is made the whole point of the mitigation was defeated.

As bad of news as this might be though, Microsoft is aware of the issue and apparently fixed it in the release of Windows 10 v1803, also known as the April 2018 Update which released a week ago. Those of you who installed the feature update will be fine, but the fix will need to be backported for older versions of the OS.

Source: BleepingComputer

Register as a member to subscribe comments.

© 2001-2018 Overclockers Club ® Privacy Policy
Elapsed: 0.1750481129   (xlweb1)