Date: 2018-05-05
Microsoft's 'Meltdown' Patch For Windows 10 Contains a Fatal Flaw (bleepingcomputer.com)
An anonymous reader quotes BleepingComputer: Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike. Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday.
"Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation," Ionescu wrote. Ionescu pointed out that older versions of Windows 10 are still running with outdated and bypass-able Meltdown patches.
Wednesday Microsoft issued a security update, but it wasn't to backport the "fixed" Meltdown patches for older Windows 10 versions. Instead, the emergency update fixed a vulnerability in the Windows Host Compute Service Shim (hcsshim) library (CVE-2018-8115) that allows an attacker to remotely execute code on vulnerable systems.
Worse than containing a potential flaw... (Score:2)
too many of our servers, desktops, and laptops will no longer boot after installing Meltdown/Spectre fixes. The usual symptom is that they show the Windows loading screen then a blank screen.
Re: (Score:1)
Impenetrably secure! Consider that Meltdown problem fixed!
Re: (Score:1)
We bought a bunch of Dell Precision 5520 laptops, and in order to get their wireless drivers to work Dell said we had to install the 2018-04 cumulative update. That caused the same symptom you describe. They boot into the Windows loading screen then a black screen. Even though we have ProSupport Plus, they still don't have a solution for us.
Re: (Score:2, Informative)
I think Microsoft views disabling servers as less worse than leaving them with a security problem. Just sucks for us since my company's web site is down after applying new Microsoft updates. I'm probably going to lose my job over this which sucks, but I did put in writing in an email that our staging systems wouldn't boot after installing the latest Windows updates.
Windows and "free to play" (Score:3)
The Windows 10 update system feels like "free to play" games, where they actually make you pay more than what you would have paid outright if you made an upfront purchase.
While I like some of the new features (Linux support, more responsive UI, remote Xbox streaming, etc.), they make sure unwanted cruft comes with it, since you can no longer choose to include or not include many components. Also they took away the excellent Windows Media Center which still has no free alternative.
It is now too late, but I wish we stayed with the Windows 7 model, where a purchase meant a purchase not a subscription.
Re: (Score:3, Insightful)
It is now too late, but I wish we stayed with the Windows 7 model, where a purchase meant a purchase not a subscription.
One word of advice: "Linux".
Re: (Score:1)
it's not a subscription..... yet.
remember how microsoft said that windows 10 would be "the last windows you'll ever buy"?
it's absolutely true, because the next version will be exactly that... a rammed-up-your-ass subscription... for everybody, not just 'enterprise' users.
they're following the cable tv model. shrinking market (thanks to mobile devices and stagnant pc sales instead of cord cutting for cable), so start abusing the fuck out of the customers that are left, wringing every last drop of profits pos
Re: (Score:2)
I wish we stayed with the Windows 7 model, where a purchase meant a purchase not a subscription.
I haven't yet seen a monthly bill for my copy of Windows. People keep mistaking the new Windows model as some radical departure, which it really is not. All it means is that Microsoft is doing away with UPGRADE purchases. You're still required to purchase a new copy of Windows if you buy a new computer.
You get a license for the lifetime of the computer, not your lifetime. So, it's really not as different in reality as "the last version of Window" sounds. I think Microsoft just realized that most consum
Two similar errors on two different versions (Score:3, Interesting)
First they totally fscked up the Windows 7/Server 2008 Meltdown "fix" allowing every user program to access any RAM area they wanted
https://www.theregister.co.uk/... [theregister.co.uk]
And now again they fsck it all up in another version as well by returning the data the patch was supposed to not return. But the way they did fsck it up was totally different than the Windows 7 way. They have so many fuckups, they create different ones for each OS version, cause one fuckup is not enough. Code reuse with audited, well written code would be too easy for two OS kernels that are so much the same obviously. No, 7 and 10 are not different. Still the same kernel where even many drivers work fine the same.
These clowns are too stupid to write any OS for more than a non-programmable calculator.
Too many versions of Windows 10 (Score:1)
One fatal flaw isn't that bad (Score:2)
It's only been a few days.
I'm pretty sure more fatal flaws will be discovered and targeted quickly.
/s
wtf is this? (Score:1)
Apple's developers are a bunch of incompetents that store passwords as plain text files or let you login entering no password. Microsoft's are another bunch of incompetents patching bugs with faulty patches. Wtf is this?