Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Issues Out-Of-Band Security Update To Patch a Meltdown Patch It Released Earlier This Year (bleepingcomputer.com)

Posted by msmash on from the patch-ception dept.

On Friday, Microsoft issued an out-of-band security update for 64-bit versions of Windows 7 and Windows Server 2008 R2. From a report: The security update -- KB4100480 -- addresses a security bug discovered by a Swedish security expert earlier this week. The bug was caused by a patch meant to fix the Meltdown vulnerability but accidentally opened the kernel memory wide open. According to Ulf Frisk, Microsoft's January 2018 Meltdown patch (for CVE-2017-5754) allowed any app to extract or write content from/to the kernel memory. This all happened because the Meltdown patch accidentally flipped a bit that controlled access permissions to kernel memory. Frisk said that the March Patch Tuesday appears to have "fixed" the issue, as he was not able to interact with kernel memory.

2 of 36 comments (clear)

  1. Re:Put a tent over this circus by FatdogHaiku · · Score: 4, Funny

    Patches to patches to patches, Oh My!

    It's patches all the way down!

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  2. Patch it around... by Thelasko · · Score: 5, Funny

    99 little bugs in the code.
    99 little bugs.
    Take one down, patch it around.
    127 little bugs in the code...

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".