Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's Windows 7 Meltdown Fixes From January and February Made PCs More Insecure (theregister.co.uk)

Posted by msmash on from the closer-look dept.

Microsoft's January and February security fixes for Intel's Meltdown processor vulnerability opened up an even worse security hole on Windows 7 PCs and Server 2008 R2 boxes. From a report: This is according to researcher Ulf Frisk, who previously found glaring shortcomings in Apple's FileVault disk encryption system. We're told Redmond's early Meltdown fixes for 64-bit Windows 7 and Server 2008 R2 left a crucial kernel memory table readable and writable for normal user processes. This, in turn, means any malware on those vulnerable machines, or any logged-in user, can manipulate the operating system's memory map, gain administrator-level privileges, and extract and modify any information in RAM. The Meltdown chip-level bug allows malicious software, or unscrupulous logged-in users, on a modern Intel-powered machine to read passwords, personal information, and other secrets from protected kernel memory. But the security fixes from Microsoft for the bug, on Windows 7 and Server 2008 R2, issued in January and February, ended up granting normal programs read and write access to all of physical memory.

3 of 84 comments (clear)

  1. translation by Anonymous Coward · · Score: 3, Interesting

    microsoft is intentionally crippling windows 7 security.. stay tuned for the press release touting windows 10 as the 'best' fix for these issues.

    1. Re:translation by webmistressrachel · · Score: 5, Interesting

      This is exactly what I was thinking.

      Microsoft released a decent operating system and then killed it on purpose when they couldn't persuade people to upgrade to Windows 8, 8.1, or 10 - there was no need to upgrade while everything worked so well under 7!!

      I only upgraded from Windows 2003 "workstation" after I had observed feedback from 7 users for about a year. I will not upgrade to 10, even if they try to force me to with "exclusive" releases - I will play my games on 7 until that market ends, and I will continue to use Linux for my work as I always have, all of which simply means that eventually my hobby will die with Windows 7. Thanks M$.

      I strongly suspect that I'm not the only person thinking like this. M$ created a whole industry, now they want to destroy it.

      --
      This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  2. It's the chips by WillAffleckUW · · Score: 2, Interesting

    Ask yourself, who would design chips so that they could be backdoored?

    There you go.

    Oh, and, yes, we're in your keyboards, mice, printers, and so many devices in your "smartphones".

    --
    -- Tigger warning: This post may contain tiggers! --