Microsoft's 'Meltdown' Patch For Windows 10 Contains a Fatal Flaw

[DamianTV]

https://it.slashdot.org/story/18/05/...s-a-fatal-flaw

Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike. Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday.

"Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation," Ionescu wrote. Ionescu pointed out that older versions of Windows 10 are still running with outdated and bypass-able Meltdown patches.

Wednesday Microsoft issued a security update, but it wasn't to backport the "fixed" Meltdown patches for older Windows 10 versions. Instead, the emergency update fixed a vulnerability in the Windows Host Compute Service Shim (hcsshim) library (CVE-2018-8115) that allows an attacker to remotely execute code on vulnerable systems.

Did you know that Microsoft intentionally left security holes in many of its products at the behest of Anti Virus companies in order to bolster those sales? Computerized Planned Obsolescence or intentionally insecure to increase sales.

[pcosmar]

https://it.slashdot.org/story/18/05/...s-a-fatal-flaw



Did you know that Microsoft intentionally left security holes in many of its products at the behest of Anti Virus companies in order to bolster those sales? Computerized Planned Obsolescence or intentionally insecure to increase sales.

"Know" is a strong word,, Suspected is more accurate.
I have long distrusted Micro$oft.. Despised their business model, and been more than frustrated with their product.
They get an A+ in marketing though.. they have managed to sell the whole world a complete piece of $#@!.

[timosman]

https://it.slashdot.org/story/18/05/...s-a-fatal-flaw



Did you know that Microsoft intentionally left security holes in many of its products at the behest of Anti Virus companies in order to bolster those sales? Computerized Planned Obsolescence or intentionally insecure to increase sales.

Writing $#@!ty code should be illegal.

[pcosmar]

Writing $#@!ty code should be illegal.

Writing it,, should be edited and corrected.

Selling it questionable.

Buying it,,, ?

[timosman]

Buying it,,, ?

This is where the power of a kickback comes in.

[DamianTV]

Writing $#@!ty code should be illegal.

Writing $#@!ty code is about the same as designing a $#@!ty product that breaks first time you use it but isnt covered under its limited warranty.

Sadly, that is the plan to make too many business profitable. Sometimes conspiracy, sometimes not. For example. Take two brand new companies, same number of employees, and they both make the same product, a Sprocket. First company works hard on designing their sprocket to make it durable and last as long as possible, and charge more for their sprockets than the second company. Second company cuts as many corners as possible, has their stuff made overseas, and their sprockets are garbage, and their sprockets are cheaper. First company starts off selling great, but they become victims of their own success, as their parts rarely ever break and there is no repeat business. Second company gets off to a slow start due to their low quality, but because of the high profit margin and return business, the garbage company ends up buying out the quality company, then shelving the less profitable but higher quality sprocket design. Yes, it is kind of like the Broken Window Fallacy, but the windows arent made of glass, but the cheapest crappiest materials that barely pass as windows. I truly hope I am wrong here.

Either way, the outcome is the same, Garbage Reigns Supreme.