Jump to content

Update : Microsoft Issues Out-Of-Band Security Update for Windows 7 & Windows Server 2008


Recommended Posts

Microsoft issued today an out-of-band security update for 64-bit versions of Windows 7 and Windows Server 2008 R2.




The security update —KB4100480— addresses a security bug discovered by a Swedish security expert earlier this week.


The bug was caused by a patch meant to fix the Meltdown vulnerability but accidentally opened the kernel memory wide open.


According to Ulf Frisk, Microsoft's January 2018 Meltdown patch (for CVE-2017-5754) allowed any app to extract or write content from/to the kernel memory. This all happened because the Meltdown patch accidentally flipped a bit that controlled access permissions to kernel memory.


Frisk said that the March Patch Tuesday appears to have "fixed" the issue, as he was not able to interact with kernel memory.


But today, Microsoft released KB4100480 to make sure the vulnerability was closed for good. The accidental bit flip bug now has its own CVE identifier of  CVE-2018-1038.


The flaw is not remotely exploitable, and attackers need either physical access to a PC, or they need to infect the PC with malware beforehand.


Besides KB4100480, Microsoft released another out-of-band security update last Friday, March 23. KB3203399 resolved a vulnerability (CVE-2017-8551) in Microsoft Office that could lead to remote code execution and was meant for Microsoft Project Server 2013 Service Pack 1 users only.



Link to comment
Share on other sites

  • Replies 2
  • Views 533
  • Created
  • Last Reply

This is the state of $h*t MS, its developers and testers.... Wondering what they test before releasing the updates.....

Link to comment
Share on other sites

3 hours ago, vissha said:

Wondering what they test before releasing the updates.....

Starbucks coffee

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...