The Meltdown and Spectre vulnerabilities hit the tech industry like a storm. Almost all devices were vulnerable to the attacks. However, companies responded quickly with patches, so the damage was reduced to a small fraction of what could have been a disaster. Microsoft rolled out the Meltdown and Spectre patches in January and did not leave out the older versions of Windows. Windows 7 also received the update, which protected it against the attack.
But Ulf Frisk, a security researcher, has found that the original Meltdown security patch for Windows 7 and Windows Server 2008 R2 opened up those systems to a much worse vulnerability. The patches gave normal programs full read and write access to system memory. Windows 7 64-bit and Windows Server 2008 R2 with the January and February patch updates are affected by this issue.
With the bug, all system memory was already mapped into every running process, so exploiting it was just a matter of reading and writing that memory.
In the words of Frisk: “No fancy exploits were needed. Windows 7 already did the hard work of mapping in the required memory into every running process. Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required – just standard read and write!”
The good news is that Windows 8.1 and Windows 10 are completely secure against this issue. Microsoft has already released a March update to fix it, so users of Windows 7 64-bit and Windows Server 2008 R2 should immediately update their systems to the latest version available to them.
The best thing everyone can do to keep their systems secure is to upgrade to Windows 10. Windows 10 is the most secure version of Windows. If that is not enough for you to upgrade, keep in mind that support for Windows 7 will end in January of 2020 and support for Windows 8.1 will end in January of 2023.
Disclaimer: The information contained in this article is based on research by Ulf Frisk. Windows Latest makes no claims or guarantees about the accuracy or completeness of the information contained in this article or linked pages (websites).