The Windows Internals expert Alex Ionescu discovered that a Meltdown patch issued for Windows 10 is affected by a severe vulnerability that could be exploited to bypass it.
“Calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation,” reads a tweet wrote on Twitter.
Welp, it turns out the #Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation. This is now patched on RS4 but not earlier builds — no backport?? pic.twitter.com/VIit6hmYK0
— Alex Ionescu (@aionescu) May 2, 2018
Ionescu explained that Microsoft addressed the flaw with the release of the Windows 10 version 1803, also known as April 2018 Update.
Microsoft acknowledged the issue reported by the expert and is currently working to provide a fix to include in the Windows 10 version 1790 (Fall Creators Update) thta is the only version affected.
The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive data.
The Meltdown exploits the speculative execution to breach the isolation between user applications and the operating system, in this way any application can access all system memory.
The good news is that Meltdown attacks are not easy to conduct and the risk of exploitation is considered low.
He noticed that Meltdown and Spectre security updates released by Microsoft in January and February for Windows 7 and Windows Server 2008 R2 patch Meltdown are affected by a vulnerability that could be exploited by attackers to easily read from and write to memory.
According to the expert, an attacker can exfliltrate gigabytes of data per second by exploiting the vulnerability.
(Security Affairs – Meltdown patch, Windows)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.