Security News > 2018 > March > Microsoft Patches for Meltdown Introduced Severe Flaw: Researcher

Microsoft Patches for Meltdown Introduced Severe Flaw: Researcher
2018-03-28 11:03

Some of the Windows updates released by Microsoft to mitigate the Meltdown vulnerability introduce an even more severe security hole, a researcher has warned. Microsoft has released patches for the Meltdown and Spectre vulnerabilities every month since their disclosure in January. While at this point the updates should prevent these attacks, a researcher claims some of the fixes create a bigger problem. According to Ulf Frisk, the updates released by Microsoft in January and February for Windows 7 and Windows Server 2008 R2 patch Meltdown, but they allow an attacker to easily read from and write to memory. He noted that while Meltdown allows an attacker to read megabytes of data per second, the new vulnerability can be exploited to read gigabytes of data per second – in one of the tests he conducted, the expert managed to access the memory at speeds of over 4 Gbps. Moreover, the flaw also makes it possible to write to memory. Frisk says exploitation does not require any sophisticated exploits – standard read and write instructions will get the job done – as Windows 7 has already mapped the memory for each active process. “In short - the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself,” the researcher explained. “The PML4 is the base of the 4-level in-memory page table hierarchy that the CPU Memory Management Unit (MMU) uses to translate the virtual addresses of a process into physical memory addresses in RAM.” “Once read/write access has been gained to the page tables it will be trivially easy to gain access to the complete physical memory, unless it is additionally protected by Extended Page Tables (EPTs) used for Virtualization. All one have to do is to write their own Page Table Entries (PTEs) into the page tables to access arbitrary physical memory,” he said. The researcher says anyone can reproduce the vulnerability using a direct memory access (DMA) attack tool he developed a few years ago. The attack works against devices running Windows 7 x64 or Windows Server 2008 R2 with the Microsoft patches from January or February installed. The issue did not exist before January and it appears to have been addressed by Microsoft with the March updates. Windows 10 and Windows 8.1 are not affected, Frisk said. SecurityWeek has reached out to Microsoft for comment and will update this article if the company responds. Frisk previously discovered a macOS vulnerability that could have been exploited to obtain FileVault passwords, and demonstrated some UEFI attacks. Related: Windows Updates Deliver Intel's Spectre Microcode Patches Related: Microsoft Disables Spectre Mitigations Due to Instability Related: Microsoft Will Not Deliver Security Updates to Devices With Incompatible Antiviruses (function() { var po = document.createElement("script"); po.type = "text/javascript"; po.async = true; po.src = "https://apis.google.com/js/plusone.js"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(po, s); })(); Tweet Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.Previous Columns by Eduard Kovacs:Microsoft Patches for Meltdown Introduced Severe Flaw: ResearcherFirst OpenSSL Updates in 2018 Patch Three FlawsAxonius Uses Existing Tools to Find, Secure DevicesIntel CPUs Vulnerable to New 'BranchScope' AttackCanadian Firm Linked to Cambridge Analytica Exposed Source Code 2018 ICS Cyber Security Conference | Singapore [April. 24-26] Register for the 2018 CISO Forum at Half Moon Bay 2018 ICS Cyber Security Conference | USA [Oct. 22-25] sponsored links Tags: NEWS & INDUSTRY Vulnerabilities Data Protection


News URL

http://feedproxy.google.com/~r/Securityweek/~3/bP_7UDUBJ6s/microsoft-patches-meltdown-introduced-severe-flaw-researcher

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 708 787 4589 4647 3639 13662