Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's 'Meltdown' Patch For Windows 10 Contains a Fatal Flaw (bleepingcomputer.com)

Posted by EditorDavid on from the fishing-chips dept.

An anonymous reader quotes BleepingComputer: Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike. Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday.

"Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation," Ionescu wrote. Ionescu pointed out that older versions of Windows 10 are still running with outdated and bypass-able Meltdown patches.

Wednesday Microsoft issued a security update, but it wasn't to backport the "fixed" Meltdown patches for older Windows 10 versions. Instead, the emergency update fixed a vulnerability in the Windows Host Compute Service Shim (hcsshim) library (CVE-2018-8115) that allows an attacker to remotely execute code on vulnerable systems.

106 comments

  1. Worse than containing a potential flaw... by greenwow · · Score: 2

    too many of our servers, desktops, and laptops will no longer boot after installing Meltdown/Spectre fixes. The usual symptom is that they show the Windows loading screen then a blank screen.

    1. Re:Worse than containing a potential flaw... by Anonymous Coward · · Score: 2, Funny

      Impenetrably secure! Consider that Meltdown problem fixed!

    2. Re:Worse than containing a potential flaw... by Anonymous Coward · · Score: 1

      We bought a bunch of Dell Precision 5520 laptops, and in order to get their wireless drivers to work Dell said we had to install 2018-04 cumulative update. That cause the same symptom you describe. They boot into the Windows loading screen then a black screen. Even though we have ProSupport Plus, they still don't have a solution for us.

    3. Re:Worse than containing a potential flaw... by Anonymous Coward · · Score: 5, Informative

      I think Microsoft views disabling servers as less worse than leaving them with a security problem. Just sucks for us since my company's web site is down after apply new Microsoft updates. I'm probably going to lose my job over this which sucks, but I did put in writing in an email that our staging systems wouldn't boot after installing the latest Windows updates.

    4. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      You SHOULD lose your job over this but not because Microsoft hasn't fixed things, but because you use Microsoft to host websites. Seriously? This is 2018. It takes 10 minutes to set up a Linux nginx server... At most.

    5. Re:Worse than containing a potential flaw... by gweihir · · Score: 4, Insightful

      The thing that really surprises me is that MS is not getting any better at producing software. This is still the same incompetence that could routinely be observed back when MSDOS got patched. They blunder and bumble and mess up, and they still have the by far largest market-share on the desktop and a significant one on the server. Are their customers really this fundamentally stupid?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Worse than containing a potential flaw... by KiloByte · · Score: 1

      Wait, so why do you even have staging servers, if a fatal problem they show still doesn't stop propagation to production?

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    7. Re: Worse than containing a potential flaw... by cyber-vandal · · Score: 1

      And it will run the same software flawlessly I suppose.

    8. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      Well their customers all hopped on board the untested updates and spying on everything train so...yeah.
      Them pushing automatic updates so hard, then firing all the testers should have been a red flag.

      Most of Microsoft's customers can't even tell you the difference between Windows and a computer in general.

      The difference is one is hardware and the other is software but they think they are both literally magic and literally intelligent.

    9. Re:Worse than containing a potential flaw... by Pinky's+Brain · · Score: 1

      Doesn't windows have some way to quickly recover from a VSS snapshot remotely so you can bring a server back almost instantly if an update fails? It would be almost insane if it didn't ...

    10. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 1

      First off, Windows is simply trying to fix a hardware problem Intel created, that they cant easily fix, now that's its out of the bag. They are mutually damaging to BOTH their bottom lines.

      I doubt new fixed up CPU's will be offered for free or concessional prices for retrofits. I doubt MS can re-write an OS that quickly, because its not a patch, but belts and braces memory quarantining of loose processes all over the shop. No doubt Office is getting broken when hard security is put in place.

      We know the damage and smoke signals went up at least 9 months ago,
      And the reserve brain bank of the best and brightest of multibillion dollar companies have not yet delivered the goods - while keeping independent security researchers OUT of the loop.

      After 9 months of insecurity, I really hope smart organisations are going to set up a plan B, *nix.

    11. Re:Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      Obligatory the website is down

    12. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      I imagine all their core libraries aren't a simple logical vertical stack of modules, but a mish-mash of modules piled on top of each other like a pile of rubble. They can't slot out one layer without messing up the interdependancies of those above and below.

    13. Re:Worse than containing a potential flaw... by mikael · · Score: 1

      With all the extra complexity that has been added through the advancement of hardware? Even if they kept the OS and GUI the same, they would still have to support 64-bit extensions, deeper pipelines, all those different kernel hypervisor modes, paging methods, extra instruction sets. Device drivers are written in C++ using inheritance.

      Their customers have built applications and production pipelines either on Linx or on Windows over years if not decades. In turn their customers also use Windows and Exchange for E-mail management.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    14. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      I think that Microsoft created the problem in the first place, I remember how they pushed trusted computing, bit execution prevention because security on software was too hard and hardware was difficult to tamper.

      Also I remember those awful but cheap winmodems where a windows driver used the CPU as the modem microprocessor.

    15. Re:Worse than containing a potential flaw... by Anonymous Coward · · Score: 2, Insightful

      Switch to a real operating system? Fedora works fantastically well on my Precision 7510.

    16. Re:Worse than containing a potential flaw... by gweihir · · Score: 1

      So? You are expected to learn _faster_ than technology advances and you are expected to keep solved problems solved. Basically everybody besides MS manages that.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    17. Re: Worse than containing a potential flaw... by neuro88 · · Score: 1

      I can't help but ask... Why didn't you try a burn in test across a few of your systems first? I come from the Linux side if things so maybe there's something I missed or don't know how Microsoft mandates the update process in a Windows environment. Sincerely curious.

    18. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      Sure. It's MS's fault Intel fucked up.
      On a related note, it's your parent's fault you are so stupid.

    19. Re: Worse than containing a potential flaw... by cyber-vandal · · Score: 1

      Let's see now: Active Directory and integration with Azure, hundreds or maybe thousands of software packages that only have a Windows Server version and no Linux equivalent, lots of ASP.NET bespoke applications, plenty of desktop Windows only apps knocking around. I could go on but I'm interested to hear how you could possibly replace all this with a Linux solution. I expect insults and demands for people to be fired though.

    20. Re:Worse than containing a potential flaw... by thegarbz · · Score: 1

      I'm probably going to lose my job over this which sucks, but I did put in writing in an email that our staging systems wouldn't boot after installing the latest Windows updates.

      If you didn't lose your job over this and you had even a bit of self respect you would quit and find a place to work for that isn't an absolute toilet.

    21. Re:Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      No.

      They bought the laptop from Dell, followed Dells instructions and now it doesn't work.
      Just return the laptops and buy something else.

    22. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      And it will run the same software flawlessly I suppose.

      Yes, if you picked software that is supported on multiple platforms to begin with.
      Being locked in to a specific vendor or a specific platform isn't something you shouldn't care about.
      Being able to migrate the the platform of your choice has a value that you should take into consideration when setting up a system.

      If you bought a proprietary package with the promise that it will work hassle free and with less maintenance than other solutions... Well, hold them to that promise.

      If you paid for proprietary software and it doesn't work and you aren't getting support to get it to work then you just wasted a bunch of money since you are getting even less than you would from a free solution.

      So, some people made a couple of mistakes along the way that have come back to bite them in the ass now.
      It happens, nothing to lose your head over.
      But when the servers doesn't work you can't just wait for someone else to fix it for you and Microsoft is large enough to not care about their customers if only a few of them have issues.
      Just figure out what you need to do to get your stuff running and do it.
      Make the choices that means that you won't end up in this situation again.

    23. Re:Worse than containing a potential flaw... by mrmaster · · Score: 1

      We bought a bunch of Dell Precision 5520 laptops, and in order to get their wireless drivers to work Dell said we had to install 2018-04 cumulative update. That cause the same symptom you describe. They boot into the Windows loading screen then a black screen. Even though we have ProSupport Plus, they still don't have a solution for us.

      In the future, maybe choose a hardware vendor with better support.

    24. Re: Worse than containing a potential flaw... by gweihir · · Score: 1

      The stupidity of the customers comes from digging themselves deeper and deeper into the MS mess, when it was clear from the outset that it is a mess. Your "argument" just illustrates this point further.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    25. Re: Worse than containing a potential flaw... by cyber-vandal · · Score: 1

      As expected, tiresome insults. Just out of interest, is there a Linux equivalent of Active Directory or Group Policy or a mail client that integrates with things like Cisco WebEx or Condeco?

    26. Re: Worse than containing a potential flaw... by gweihir · · Score: 1

      As expected, you understand nothing. This is not about Linux. It is about MS.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    27. Re: Worse than containing a potential flaw... by cyber-vandal · · Score: 1

      You assert that MS customers are stupid, I give you several reasons why people use MS software, you respond with insults and avoiding the question. What should we be using that gives us the same availability of software and ease of management? This is the question my management will ask me and "some guy on Slashdot thinks you're morons" won't go very far.

    28. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      A modem simply converts the digital data into the audio sounds that are sent down the telephone line, and decodes the one that are received. No different from generating an audio file.

    29. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      You act like this guy may have had the opportunity to build up the company's software from scratch, or has any authority to make the kind of decisions you think people ought to be able to just 'make'. It's more likely that he's been hired in to maintain an existing system.

    30. Re: Worse than containing a potential flaw... by Megol · · Score: 1

      Are you 10? You made a claim so it is you that support that (ridiculous) claim.
      State what software for Linux provides the required functionality or just shut up.

    31. Re: Worse than containing a potential flaw... by gweihir · · Score: 1

      I _literally_ did not even mention Linux anywhere except to say I was not talking about it. Are you functionally illiterate?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    32. Re: Worse than containing a potential flaw... by gweihir · · Score: 1

      You still do not get what I was saying. At all. Instead you defend the bad choices that made MS the mess it is today. That is not smart. At all.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    33. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      This. You have a contract. If they can't find a fix, send back the broken shit and demand new gear or your money back.

      Pretty sure they breached the contract when they said "we don't know how to fix this, sorry(not sorry).

    34. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      Learn to read. No wonder you get insults thrown your way. You didn't even comprehend what he was saying. You just double down on stupid. Nice strategy. Want to try it a third time? I hear it's a charm.

    35. Re: Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      Wow you just made yourself look dumb as fuck.

      He never mentioned linux. You guys brung that straw man into the discussion to try to railroad it. One troll said "use Linux". The rest was you MS zealots trying to make linux look bad.

      TLDR: YOU locked yourself into the MS platform(by taking the job, or being the architect), doubled down on it, and then made excuses for Microsoft's incompetence. THEN try to throw linux under the bus because it doesn't offer broken bloated solutions to your problems.

      Typical MS behavior.

    36. Re:Worse than containing a potential flaw... by Anonymous Coward · · Score: 0

      Are their customers really this fundamentally stupid?

      Yes. Yes they are.

    37. Re: Worse than containing a potential flaw... by cyber-vandal · · Score: 1

      Please explain then. I'm not getting anything beyond

      Are their customers really this fundamentally stupid?

      when I have tried to show you that availability of applications is why people buy Microsoft. If you have a superior alternative that can run the same software then feel free to tell me what it is.

    38. Re: Worse than containing a potential flaw... by cyber-vandal · · Score: 1

      Fuck off dickhead.

  2. Windows and "free to play" by stikves · · Score: 4, Insightful

    The Windows 10 update system feels like "free to play" games, where they actually make you pay more than what you would have paid outright if you made an upfront purchase.

    While I like the some of the new features (linux support, more responsive UI, remote xbox streaming, etc), they make sure unwanted cruft comes with it, since you can no longer choose to include or not include many components. Also they took away the excellent Windows Media Center which still has no free alternative.

    It is now too late, but I wish we stayed with the WIndows 7 model, where a purchase meant a purchase not a subscription.

    1. Re:Windows and "free to play" by Anonymous Coward · · Score: 0

      Windows 11 will be called Shitshows: Attack of the Payware.

    2. Re:Windows and "free to play" by Anonymous Coward · · Score: 3, Insightful

      It is now too late, but I wish we stayed with the WIndows 7 model, where a purchase meant a purchase not a subscription.

      One word of advice: "Linux".

    3. Re:Windows and "free to play" by Anonymous Coward · · Score: 0, Informative

      it's not a subscription..... yet.

      remember how microsoft said that windows 10 would be "the last windows you'll ever buy"?

      it's absolutely true, because the next version will be exactly that... a rammed-up-your-ass subscription... for everybody, not just 'enterprise' users.

      they're following the cable tv model. shrinking market (thanks to mobile devices and stagnant pc sales instead of cord cutting for cable), so start abusing the fuck out of the customers that are left, wringing every last drop of profits possible before their entire business model collapses into a black hole.

    4. Re:Windows and "free to play" by Dutch+Gun · · Score: 4, Informative

      I wish we stayed with the WIndows 7 model, where a purchase meant a purchase not a subscription.

      I haven't yet seen a monthly bill for my copy of Windows. People keep mistaking the new Windows model as some radical departure, which it really is not. All it means is that Microsoft is doing away with UPGRADE purchases. You're still required to purchase a new copy of Windows if you buy a new computer.

      You get a license for the lifetime of the computer, not your lifetime. So, it's really not as different in reality as "the last version of Window" sounds. I think Microsoft just realized that most consumers didn't purchase upgrades anyhow (only "upgrading" when a new computer was purchased), and maintaining several OS lines at the same time was a pain, so in reality, it's more of a cost-saving measure for them by simply keeping everyone on the same branch of Windows.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    5. Re:Windows and "free to play" by gweihir · · Score: 3, Informative

      Indeed. As to playing media, VLC works pretty well, I don't think I have used the WMC in years. (I am still on Win 7 and preparing to move everything except gaming to Linux when Win10 cannot be avoided anymore...)

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re: Windows and "free to play" by Anonymous Coward · · Score: 1

      It is now with Office 365

      https://www.computerworld.com/article/3207675/office-software/microsoft-365-business-office-windows-10-in-one-smb-friendly-subscription.html

    7. Re: Windows and "free to play" by Anonymous Coward · · Score: 0

      That's because Windows 10 is a testing ground for Windows as a service. Why do you think it's changing so often? They are testing us.

    8. Re:Windows and "free to play" by Anonymous Coward · · Score: 1

      You'd be surprised how far Linux gaming has come. I've been stubbornly doing Linux gaming for over 10 years -- back when it sucked -- so I've personally been watching its growth. Even when there are issues, troubleshooting damn near everything is a lot easier in Linux once you get the hang of what tools to use and how to use them.

      Yes, there are a lot of big shot publishers acting like assholes when it comes to not supporting Linux (EA, Rockstar, Blizzard, Bethesda...) for whatever reasons we could conjecture on forever. I just don't play their games. Besides, most of those big companies either produce overpriced bugfests or are just downright evil, so I wouldn't buy their games even if they did support Linux. Rockstar I might just make an exception for if that day ever comes...

      There's thousands of others to choose from that will provide more entertaining gameplay hours than you have left in your human lifespan. Isn't that all you need?

      Even if you do decide to dual-boot or run separate systems, please give Linux gaming a shot once you've got a distro set up. If you've never tried Linux before, I'd recommend KDE Neon these days. It's based off Ubuntu, which most game developers use in their development environments, but it's a lot more stripped down and it runs the most beautiful yet practical desktop environment I've seen yet.

      You might just end up weaning yourself off slowly as I did. The last Windows I used was Windows 7 as well. :)

    9. Re:Windows and "free to play" by Ol+Olsoc · · Score: 1

      I think Microsoft just realized that most consumers didn't purchase upgrades anyhow (only "upgrading" when a new computer was purchased), and maintaining several OS lines at the same time was a pain, so in reality, it's more of a cost-saving measure for them by simply keeping everyone on the same branch of Windows.

      It would be nice if the gaddamned OS actually worked. W10 is touted as the Most secure version ever, and they cannot fix a critical flaw, they are taking systems that work and rendering them or the sodftwre on them inoperable.

      The only thing that they have going for them is Stockholm syndrome.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    10. Re:Windows and "free to play" by Anonymous Coward · · Score: 0

      I have win10 on a laptop and an old Dell tower that miraculously upgraded to win10. I am not a 'power user', just a guy from win 95 days. The new 'malicious auto removal tool' on win10 always removes 'Speccy' with each major update. Besides win10 always changing associations back to Windows Photos (killing Irfanview and LibreOffice programs" it works well. My housemate's computer is another problem altogether. There will come the day when I'll have to go Ubuntu, MS is locking down bit by bit it's Win10 to the point where it will be unusable.

    11. Re:Windows and "free to play" by Anonymous Coward · · Score: 0

      Its called bundling. Grandma Bell too. Oh, once the railway tycoons.
      IBM paid dearly for that, once, the some clever finance dudes have so far convinced congress that Google. Facebook and MS are not like IBM was like back then.

      History is yet to come around.

    12. Re:Windows and "free to play" by Anonymous Coward · · Score: 0

      When using a laptop Chrome, it refuses to (on VLC) play an old collection of original StarTrekTOS shows, in AVI format. I just want my shit to work!!!

    13. Re:Windows and "free to play" by Anonymous Coward · · Score: 0

      try naming it filename.mp4 instead of filename.avi
      it works more often than you'd think

    14. Re:Windows and "free to play" by mikael · · Score: 1

      Already the contract states, you purchase a license to *USE* Windows for a year, not to own the software.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    15. Re:Windows and "free to play" by Anonymous Coward · · Score: 0

      I haven't yet seen a monthly bill for my copy of Windows

      Not yet, but you have already been the victim of spyware data collection, adware and potentially had your AP used as a distro node for Windows 10 and other Microsoft crapware. Money isn't the only form of payment in the world, kid.

      People keep mistaking the new Windows model as some radical departure, which it really is not

      It's not? Because I totally don't remember spyware, adware, forced "updates" and forced reboots in previous versions of Windows.

      All it means is that Microsoft is doing away with UPGRADE purchases

      And adding in spyware, adware, forced "updates" and forced reboots too, you mean.

      You're still required to purchase a new copy of Windows if you buy a new computer

      Since Microsoft uses Windows 10 to collect and sell data about users, shouldn't Microsoft be paying those users? I mean they are doing beta testing, which is a job and something that only Microsoft benefits from, so why aren't the users of Windows 10 receiving paychecks?

      You get a license for the lifetime of the computer, not your lifetime

      That sucks then, because my retail copy of Windows 7 Ultimate has a perpetual license that will last beyond my lifetime. I can even legally resell it if I want.

      so in reality, it's more of a cost-saving measure for them by simply keeping everyone on the same branch of Windows

      No, it's a money-making measure for them because they get to use PAYING CUSTOMERS as beta tester guinea pigs (why do you think almost every single Windows 10 update breaks shit?) and they get to harvest and sell their data too.

    16. Re: Windows and "free to play" by phantomfive · · Score: 1

      Worth checking out Wine. I was concerned about gaming as well when I recently switched to Linux, but it turns out Wine is acceptable with all the games I play.

      --
      "First they came for the slanderers and i said nothing."
    17. Re:Windows and "free to play" by thegarbz · · Score: 2

      W10 is touted as the Most secure version ever, and they cannot fix a critical flaw

      In their defence, OS level attacks on Windows 10 are very rare, and this critical flaw they cannot fix hasn't actually caused any grief to the point where across most OSes there are a large number of people who either purposely didn't apply the fix or disabled the fix to gain a speed improvement.

      Not all critical flaws are critical to all people.

    18. Re: Windows and "free to play" by gweihir · · Score: 2

      Not for me, restricting gaming to Linux cuts too many things I want to play. I expect that with Vulcan things will get better over the next 10 years or so. Having a "secure" system and one where there is minimal personal data, no email, no web-surfing, etc. for gaming was a longer-term plan of me anyways and properly restricted, Win10 becomes an acceptable risk for the moment, I think.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    19. Re:Windows and "free to play" by Megol · · Score: 1

      Send your thanks to Intel as it is they who created the mess in the first place.

      We have a model where the hardware is expected to conform to the specification. That specification includes: do not allow unprivileged code to access privileged data.

      So Linux, Windows and all other x86 systems using protected mode (~all in use) design their system taking advantage of that fact by mapping privileged data into the virtual address space. This also works in all other current processor architectures: Power, MIPS, ARM, Itanium, SPARC, und so weiter.

      But Intel _did_ allow unprivileged code to access privileged data when doing speculative execution. This means unprivileged code can read all memory mapped into the virtual address space. So one of the fundamental foundations* of modern OS design is suddenly not valid anymore.

      This isn't an easy problem to solve. It have to be solved as quickly as possible (as every Intel system for a very long time is open to attack otherwise) but involves complicated changes in the basic system and have to be made reasonably effective.
      (* intentional)

    20. Re:Windows and "free to play" by gweihir · · Score: 1

      I have been using Linux on the desktop and on the server since 1994. I just find that playing the games I want to play on Linux is still not a good idea, even if the gap gets smaller. As the trend is clear, I will eventually switch over, but not now.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    21. Re:Windows and "free to play" by Anonymous Coward · · Score: 0

      You know what else has Linux support? ... Linux!

    22. Re:Windows and "free to play" by strikethree · · Score: 1

      I haven't yet seen a monthly bill for my copy of Windows.

      I merely bolded the relevant part of your sentence. Carry on as usual... for now

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    23. Re:Windows and "free to play" by strikethree · · Score: 1

      (I am still on Win 7 and preparing to move everything except gaming to Linux when Win10 cannot be avoided anymore...)

      If you MUST play the latest games, yes, Windows10 is unavoidable. I changed my mindset from looking at the games I couldn't play to looking at the games I actually could play and then chose which games I would spend my time on. I do fuck around with Windows occasionally just to see what is going on, but my life would be just fine if Windows10 disappeared forever. It would cause me no issues, and, as a matter of fact, it would likely make my life better since all of the software writers would be targeting a new platform.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
  3. Long Term Servicing??? by Anonymous Coward · · Score: 0

    They pretty much have to back port any new meltdown and specter patches to 1607 and 1507 LTSC and Windows Server 2016 (based on 1607 kernel) so I imagine there will be backports coming at least for Win 10 and possibly even for 7...Enterprises will demand it.

    1. Re:Long Term Servicing??? by Anonymous Coward · · Score: 0


      MODDOWN! ; creimer spam post again!

      creimer wants you to click on his youtube channel, then click on his stupid amazon affiliate link spam on Youtube. There is nothing of value on creimer youtube channel. Only creimer click-bot goes there.

      creimer, I reported you to youtube and amazon and I keep reporting every spam post you make so all these spam posts will do is bring your view count in negative territory for a given day since youtube barred your stupid click-bot and your spam posts.

  4. Two similar errors on two different versions by klingens · · Score: 4, Interesting

    First they totally fscked up the Windows 7/Server 2008 Meltdown "fix" allowing every user program access any RAM area they wanted
    https://www.theregister.co.uk/...
    And now again they fsck it all up in another version as well by returning the data the patch was supposed to not return. But the way they did fsck it up was totally different than the Windows 7 way. They have so many fuckups, they create different ones for each OS version, cause one fuckup is not enough. Code reuse with audited, well written code would be too easy for two OS kernels that are so much the same obviously. No 7 and 10 are not different. Still the same kernel where even many drivers work fine the same.

    These clowns are too stupid to write any OS for more than a non-programmable calculator.

    1. Re:Two similar errors on two different versions by gweihir · · Score: 2

      You trust MS to code for a simple pocket calculator? Don;t you know that excel has been calculating wrongly for decades? Now, the real problem with MS is that everybody else keeps getting better, but MS just keeps getting richer. Which also means that the actual real problem here is the customer. MS has proven to be incapable and incompetent time and again, but people just continue to use and buy their trash.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Two similar errors on two different versions by thegarbz · · Score: 2

      These clowns are too stupid to write any OS for more than a non-programmable calculator.

      Or maybe this is a fundamentally hard problem to fix depending on how it the entire system is designed. Linux got lucky with their solution to the problem as it nicely piggybacked on work that has been ongoing since 2005 > ASLR then KASLR 4 years ago. Windows 10 was the first MS OS to even experiment with ASLR on the kernel and it had its fair share of bugs so they didn't have a neat and easy foundation for KPTI.

      Unlike other OSes (i.e. Linux) which only rolled out the fix to the most recent kernel and the LTS kernel, MS backported it to a variety of OSes, each with significant differences in the way kernel memory is managed.

      So by all means, step up and show how its done.

    3. Re:Two similar errors on two different versions by Anonymous Coward · · Score: 0

      I wonder how many people in Microsoft work on the kernel these days? I read somewhere, IIRC, on Linux it's about three thousands or so per release.

      About the LTS kernel, on Ubuntu these days they pick/maintain their own LTS kernels, not based on upstream LTS kernels (which are mostly maintained by GKH, and other maintainers). I don't know about other distros. And let's not forget kernels maintained by various vendors (android devices manufacturers, IoT, embedded devices manufacturers, etc).

    4. Re:Two similar errors on two different versions by Anonymous Coward · · Score: 1

      Same AC, I forgot about one thing, just small correction. When you wrote: "Unlike other OSes (i.e. Linux)", you obviously meant "Unlike other OSes (e.g. Linux)". (i.e. = that is) (e.g. = for example).

  5. Too many versions of Windows 10 by xack · · Score: 2

    And not enough time to test them properly. Microsoft should just support one version of Windows 10, getting rid of superfluous versions like 10S and take the LTSB version and just support that without the six monthly "Windows as a service" updates.

    1. Re:Too many versions of Windows 10 by Ol+Olsoc · · Score: 1

      And not enough time to test them properly. Microsoft should just support one version of Windows 10, getting rid of superfluous versions like 10S and take the LTSB version and just support that without the six monthly "Windows as a service" updates.

      Or better, rewrite the whole thing in Unix.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:Too many versions of Windows 10 by Anonymous Coward · · Score: 0

      Or better, rewrite the whole thing in Unix.

      And be like Linux, where they're constantly rewriting the GUI framework, adding features no one asked for and removing features people use? Sounds a lot like the Windows model.

    3. Re:Too many versions of Windows 10 by blind+biker · · Score: 1

      By "too many versions of Windows 10", surely you mean n>0.

      --
      "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
    4. Re:Too many versions of Windows 10 by Ol+Olsoc · · Score: 1

      Or better, rewrite the whole thing in Unix.

      And be like Linux, where they're constantly rewriting the GUI framework, adding features no one asked for and removing features people use? Sounds a lot like the Windows model.

      Except that it works!

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    5. Re:Too many versions of Windows 10 by Anonymous Coward · · Score: 0

      Not the OP, but the answer is yes. There are software components (e.g. .net framework) that work on some W10 versions, but doesn't work on older versions.

  6. 5 months later still the same by Anonymous Coward · · Score: 0

    What does microsoft pay its engineers for exactly?

    1. Re:5 months later still the same by Anonymous Coward · · Score: 3, Funny

      What does microsoft pay its engineers for exactly?

      They write the code; you test it.

    2. Re:5 months later still the same by Anonymous Coward · · Score: 0

      To plow your tight, white virgin asshole while Tyrone and the boys bang your mom.

    3. Re:5 months later still the same by gweihir · · Score: 1

      MS still has engineers?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:5 months later still the same by ELCouz · · Score: 1

      H1B engineers precisely...

    5. Re:5 months later still the same by gweihir · · Score: 1

      Hehehehe. No surprise then this does not work. The foreign ones that are really good at their job would never take a H1B deal.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re: 5 months later still the same by Anonymous Coward · · Score: 0

      I hate when niggas bang my mom.

  7. Crowdstrike by Anonymous Coward · · Score: 1

    please die, we're tired of your geopolitical propaganda and fake security

  8. One fatal flaw isn't that bad by bobstreo · · Score: 1

    Its only been a few days.

    I'm pretty sure more fatal flaws will be discovered and targeted quickly. /s

  9. wtf is this? by Anonymous Coward · · Score: 1

    Apple's developers are a bunch of incompetent that store passwords as plain text files or let you login entering no password. Microsoft's are another bunch of incompetents patching bugs with faulty patches. Wtf is this?

    1. Re:wtf is this? by gweihir · · Score: 1

      Stupid customers. The problem is that MS has been getting away with this crap for around 40 years. And not only that, they got filthy rich. Why should they change anything?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  10. Better off with no patch by Anonymous Coward · · Score: 0

    Tell me where all the threat are attacking these flaws in hardware?? Then we have 6 months to fix them and still we get crap solutions from people who are supposed to be smart enough to devise a solution. You would think in six months a better more sound solution could have been created? Or maybe were just throwing bandages on a cancerous growth that won't go away? Have to wonder how competent people at Intel, Apple, Microsoft, Google are?

    1. Re:Better off with no patch by Anonymous Coward · · Score: 0

      Not to gloat too hard, but Linux had mitigations deployed within weeks. And they work without breaking the hell out of everything.

    2. Re:Better off with no patch by Anonymous Coward · · Score: 0

      I've got an old PC (E4500 core2 duo) with no firmware updates available, no PCID to mitigate performance hit. I did some worst-case tests (with Ubuntu MATE 16.04) before/after the KPTI patch and the results were identical within reasonable error bounds.

  11. Microsoft's . . Windows 10 . . a fatal flaw by Anonymous Coward · · Score: 0

    Fixed the title for you. :-)

  12. Microsoft's downfall began... by Kaenneth · · Score: 4, Informative

    Microsoft's downfall began when they fired most of their QA staff.

    Everything has gone to shit since.

    http://www.businessinsider.com...

    Satya Nadella has fucked things up, but it's not too late to fire him.

    1. Re:Microsoft's downfall began... by ayesnymous · · Score: 1

      Satya along with their investors don't think it's a downfall.

    2. Re:Microsoft's downfall began... by Kaenneth · · Score: 1

      Short term, it cut 'costs'

    3. Re:Microsoft's downfall began... by thegarbz · · Score: 1

      Microsoft's downfall began when they fired most of their QA staff.

      I highly doubt their QA staff would have caught this. Everything that has gone to shit has mostly gone to shit in the user space, and even then it's not like the lack of QA staff is the problem as much as their entire process is (e.g. that Chrome locking bug (which also affects Cortana so it's not even MS not caring about the competition) in the latest version of Windows 10 was reported by insiders 2 months before the release on multiple different bug reports, and yet remained unfixed)

      QA from Microsoft never really did catch critical security flaws.

  13. What a suprise! However, by geekprime · · Score: 1

    However, the real problem is, at it's root "windows 10" itself. If you are not the paying customer, you ARE the product. And the tiny percentage of people that have actually paid for 10 are products that paid to be sold.

    Does no one else think it odd that you can still reinstall and verify win xp licenses? Or that win 7 licenses are still actively for sale ?

  14. ...Microsoft taking the hit by mschaffer · · Score: 1

    Indeed, it is probably more secure, I do not understand why Microsoft is trying to fix Intel's problem. Now, they created their own mess and fell in it.

    1. Re:...Microsoft taking the hit by Anonymous Coward · · Score: 0

      Indeed, it is probably more secure, I do not understand why Microsoft is trying to fix Intel's problem. Now, they created their own mess and fell in it.

      Maybe because Intel have the same license agreement as everyone else to cover their ass and reserves the right to update the errata whenever they feel like.
      Once they do that Intel can claim that Microsoft is using the processor wrong and it becomes Microsofts responsibility to update their code according to Intels instructions.
      Microsoft in turn reserves the right to turn off functions of the OS whenever they like and if the user doesn't install the latest upgrade they aren't using it right.

  15. You SHOULD lose your job by Anonymous Coward · · Score: 0

    Not everything runs with Nginx, and it has its flaws, too. You are probably unaware of that, so I wonder why someone would keep your pathetic skills on the payroll.

    1. Re: You SHOULD lose your job by Anonymous Coward · · Score: 0

      What do you need your web server to do that linux and ngix doesn't provide? Please name them.

  16. Fatal? by MoarSauce123 · · Score: 1

    Who died?

  17. Microsoft's stronghold by Anonymous Coward · · Score: 0

    Microsoft really does have one unbeatable strength.

    Their advertisements have cornered the market on happy smiling toothy, stylishly dressed twenty-something negroes, mulattoes, and various mud people of indeterminate race and gender, all toothily standing around and grinning at an open laptop sporting a Windows logo. And there's always the petite pink haired chick in a black miniskirt and a hoop earring too. They grin and nod like monkeys as though watching Windows boot was akin to watching the live launch of an Atlas V.

    And yet when the cameras stop, the actors all go back to their real life of watching negro rappers on their smartphone or playing Bejewled classic, or watching mud people pron. Their real life is a low-brow affair of consumerism and affirmative action jobs. None of them owns a laptop. None of them would be able to do anything with Windows anyway, other than perhaps open a web browser.

  18. Yes by Anonymous Coward · · Score: 0

    Yes, yes it does: you have to run Windows to apply it.