steven36 Posted March 30, 2018 Share Posted March 30, 2018 Microsoft issued today an out-of-band security update for 64-bit versions of Windows 7 and Windows Server 2008 R2. The security update —KB4100480— addresses a security bug discovered by a Swedish security expert earlier this week. The bug was caused by a patch meant to fix the Meltdown vulnerability but accidentally opened the kernel memory wide open. According to Ulf Frisk, Microsoft's January 2018 Meltdown patch (for CVE-2017-5754) allowed any app to extract or write content from/to the kernel memory. This all happened because the Meltdown patch accidentally flipped a bit that controlled access permissions to kernel memory. Frisk said that the March Patch Tuesday appears to have "fixed" the issue, as he was not able to interact with kernel memory. But today, Microsoft released KB4100480 to make sure the vulnerability was closed for good. The accidental bit flip bug now has its own CVE identifier of CVE-2018-1038. The flaw is not remotely exploitable, and attackers need either physical access to a PC, or they need to infect the PC with malware beforehand. Besides KB4100480, Microsoft released another out-of-band security update last Friday, March 23. KB3203399 resolved a vulnerability (CVE-2017-8551) in Microsoft Office that could lead to remote code execution and was meant for Microsoft Project Server 2013 Service Pack 1 users only. Source Link to comment Share on other sites More sharing options...
vissha Posted March 30, 2018 Share Posted March 30, 2018 This is the state of $h*t MS, its developers and testers.... Wondering what they test before releasing the updates..... Link to comment Share on other sites More sharing options...
Skunk1966 Posted March 30, 2018 Share Posted March 30, 2018 3 hours ago, vissha said: Wondering what they test before releasing the updates..... Starbucks coffee Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.