- If not updated with a software patch to plug the security loopholes–Meltdown and Spectre–, a hacker can remotely highjack victims’ PCs.
- Microsoft’s new update fixes Meltdown (CVE-2018-1038) vulnerability
Severe security bugs Meltdown and Spectre were discovered earlier in the year in Windows-powered PCs with Intel, AMD, ARM and other chipsets. Microsoft, as the first course of action, released a firmware patch to fix the former.
As it turns out, the software patch meant for Meltdown had a serious bug. Microsoft has now rolled out a new update with the necessary fix that will fully protect Windows devices from the Meltdown (CVE-2018-1038) security loop-hole.
For those unaware, the aforementioned vulnerability makes the Windows kernel fail to properly handle objects in memory. An attacker who successfully exploits this vulnerability can run arbitrary code in kernel mode. The attacker could then install programs and view, change or even delete data; as well as create new accounts with full user rights, Microsoft claimed.
[Microsoft releases new ‘Meltdown’ patch to fix the bug in January 2018 update] A man types on a computer keyboard
To exploit this vulnerability, an attacker would first have to log on to the system and then run a specially-crafted application to take control of an affected system.
The new update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
Users are advised to update their Windows PCs with the incoming software patch immediately to be fully protected against the Meltdown vulnerability.
Meltdown and Spectre security threat backstory:
In January 2018, Google Project Zero researchers unearthed two major flaws. One, with two versions — CVE-2017-5753 and CVE-2017-5715 — was called “Spectre,” and the second — CVE-2017-5754 — was called “Meltdown.”
During testing, Google Project Zero researchers discovered the aforementioned security flaws took advantage of “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.
Cybercriminals using malicious codes on speculative execution were able to read the protected system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications.
Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.
Thankfully, both vulnerabilities can be easily fixed by a software update. Intel is in talks with other chipmakers to release the security firmware as soon as possible.