Microsoft may have patched Windows 10 for Meltdown, but a security researcher claims that the patch had a "fatal flaw" that undermines the supposed protection. The only way to get a true solution is to update to the Windows Update on April 10, 2018, which was published earlier this week. Bleeping computer first reported the news
Welp, it appears that #Meltdown patches for Windows 10 had a fatal flaw :. NtCallEnclave by calling back the user space with the full kernel directory of the page table, completely undermining the mitigation. This is now patched in RS4 but not in previous compilations, is there no backport? pic.twitter.com/VIit6hmYK0
– Alex Ionescu (@aionescu) May 2, 2018
Alex Ionescu of Crowdstrike wrote on he wrote on Twitter that "#Meltdown patches for Windows 10 had a fatal error: calling NtCallEnclave returned to the user space with the full directory of the kernel page table, completely undermining mitigation. "
The profane explanation is that the patch still allows access to the kernel, therefore, undermines the use of having a patch. In other words, you are still vulnerable to Meltdown.
Laptop Mag has contacted Microsoft for comments and will update it if we hear it.
According to Bleeping Computer, the problem was corrected in the main update of Windows 10 April 2018 that was released on Monday. This puts the users in a complicated situation, since many like to wait until the problems are solved in the new versions.
In addition, you still have to manually download the new update, as it is not yet being implemented automatically. Even then, it could take a long time for the April 2018 update to finally reach your PC.
Ionescu's argument that there is no "backup" suggests that Microsoft still has to bring the fix to earlier versions of Windows 10. Hopefully, we will see a new solution on May 8, this month's patches patch. .
Meltdown and another vulnerability, Specter, were revealed by Google's Zero Project and other researchers in January. Meltdown affects almost all Intel processors since the mid-1990s, and Specter also affects many ARM and AMD processors. Currently, you can not buy a laptop or desktop computer without at least one of these vulnerabilities, although mitigation measures have come through the patches of the operating system and chip firmware.
Image credit: Natascha Eidl / Public domain
Windows 10 Network and Security