Friday, March 30, 2018

New Windows 7 and Server 2008R2 out of band patch

Microsoft usually only issues patches on the second Tuesday of every month (so-called “Patch Tuesday”). However, when there is a vulnerability that is being exploited in the wild (or is likely to be) Microsoft may issue an out of band patch. That’s exactly what happened yesterday. The vulnerability being patched was introduced when Microsoft patched Meltdown and Spectre in January. In that patch, Windows separates page tables between user space and kernel space to mitigate processor vulnerabilities (kernel page table isolation).  But this apparently creates a new problem in Windows 7 and Server 2008R2.

The new vulnerability allows any user on the machine to read and write to the memory of any process, including the kernel. Ironically, this is worse than the original Meltdown vulnerability which only allowed attackers to read (but not write) arbitrary memory. In other words, the patch creates a problem worse than the original vulnerability the patch was written to solve.

Read the full story on the Rendition Infosec corporate blog.