Windows 10 Meltdown Patch Has 'Fatal Flaw,' Update Now

Microsoft may have patched Windows 10 for Meltdown, but a security researcher claims that the patch had a "fatal flaw" that undermines the supposed protection. The only way to get a true solution is to update to the Windows Update on April 10, 2018, which was published earlier this week. Bleeping computer first reported the news

Welp, it appears that #Meltdown patches for Windows 10 had a fatal flaw :. NtCallEnclave by calling back the user space with the full kernel directory of the page table, completely undermining the mitigation. This is now patched in RS4 but not in previous compilations, is there no backport? pic.twitter.com/VIit6hmYK0

– Alex Ionescu (@aionescu) May 2, 2018

Alex Ionescu of Crowdstrike wrote on he wrote on Twitter that "#Meltdown patches for Windows 10 had a fatal error: calling NtCallEnclave returned to the user space with the full directory of the kernel page table, completely undermining mitigation. "

The profane explanation is that the patch still allows access to the kernel, therefore, undermines the use of having a patch. In other words, you are still vulnerable to Meltdown.

Laptop Mag has contacted Microsoft for comments and will update it if we hear it.

According to Bleeping Computer, the problem was corrected in the main update of Windows 10 April 2018 that was released on Monday. This puts the users in a complicated situation, since many like to wait until the problems are solved in the new versions.

In addition, you still have to manually download the new update, as it is not yet being implemented automatically. Even then, it could take a long time for the April 2018 update to finally reach your PC.

Ionescu's argument that there is no "backup" suggests that Microsoft still has to bring the fix to earlier versions of Windows 10. Hopefully, we will see a new solution on May 8, this month's patches patch. .

Meltdown and another vulnerability, Specter, were revealed by Google's Zero Project and other researchers in January. Meltdown affects almost all Intel processors since the mid-1990s, and Specter also affects many ARM and AMD processors. Currently, you can not buy a laptop or desktop computer without at least one of these vulnerabilities, although mitigation measures have come through the patches of the operating system and chip firmware.

Image credit: Natascha Eidl / Public domain

Author's biography

Andrew E. Freedman,

Andrew joined Laptopmag.com in 2015, reviewing computers and keeping up with the latest news. He has an M.S. in Journalism (Digital Media) from Columbia University. Lover of everything related to games and technology, his previous work has appeared in Kotaku, PCMag and Complex, among others. Follow him on Twitter @FreedmanAE.

Andrew E. Freedman,
in