Attention, Windows 7 and Windows server 2008 R2 users! Meltdown, Spectre bugs can still sting you! (CVE-2018-1038 & KB4100480)
Meltdown and Spectre bugs that could give away data in the protected memory were discovered recently. Microsoft's kernel patch fixes in January and February meant the dangers were allayed, but Sweden based researcher Ulf Frisk says, "no"!
Who's at risk?
Users with Windows 7 x64-based systems or Windows 2008 R2 server, who have installed any of the servicing updates released during or after January 2018 are prone to remote code execution and elevation of privilege.
Users with Windows 7 x64-based systems or Windows 2008 R2 server, who have installed any of the servicing updates released during or after January 2018 are prone to remote code execution and elevation of privilege.
How is the vulnerability exploited?
Frisk's own invention PCIleech - for Direct Memory Acess attacks - allows access into memory dumps. When a memory dump happens, the processes along with their virtual memory could be read. Frisk claims, "you'll be able to write to memory as well! Super convenient if your target system employs software based anti-forensic or anti-cheating functionality since this is all handled in hardware on the target!"
Frisk's own invention PCIleech - for Direct Memory Acess attacks - allows access into memory dumps. When a memory dump happens, the processes along with their virtual memory could be read. Frisk claims, "you'll be able to write to memory as well! Super convenient if your target system employs software based anti-forensic or anti-cheating functionality since this is all handled in hardware on the target!"
How do you stay secure?
Microsoft has addressed Frisk's discovery in its latest security advisory and released security updates. The KB KB4100480 details are as follows:
Microsoft has addressed Frisk's discovery in its latest security advisory and released security updates. The KB KB4100480 details are as follows:
- 24199 - 2018-03 Security Update for Windows 7 for x64-based Systems - Kernel Update for CVE-2018-1038 (KB4100480)
- 24200 - 2018-03 Security Update for Windows Server 2008 R2 for x64-based Systems - Kernel Update for CVE-2018-1038(KB4100480)
These security patch updates are now supported by ManageEngine's patch management.
Reiterating, if you're a user with Windows 7 x64 hardware or Windows 2008 R2 server, you may be at risk if you have not applied the latest patches yet. So, rush now!