DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
June 24, 2019 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 207 people online.

 

Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
 

Follow us
RSS
 

Meltdown patches introduced major kernel vulnerability on Windows 7

Posted on Wednesday, March 28 2018 @ 13:52:41 CEST by


MSFT logo
Sometimes a cure can be worse than the disease. This seems to be so in the case of the Meltdown patches for the 64-bit versions of Windows 7 and Windows Server 2008 R2. Earlier this month, security researcher Ulf Frisk discovered the Meltdown patches created a gaping kernel vulnerability in these operating systems. A bug introduced by these patches enabled user-level application to not only read but also write data to the operating system's kernel memory.
Frisk says that Microsoft's Meltdown patch (for CVE-2017-5754) —released in the January 2018 Patch Tuesday— accidentally flipped a bit that controls the access permission for kernel memory. Frisk explains:

In short - the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself.

The PML4 is the base of the 4-level in-memory page table hierarchy that the CPU Memory Management Unit (MMU) uses to translate the virtual addresses of a process into physical memory addresses in RAM.
Microsoft quietly patched the bugs earlier this month, via the March Patch Tuesday rollout.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba