A person named XPN cited them as hackers and information security researchers on the blog, and they published details of a work loop that exploited Monday’s overall crash advantage. In addition to that post, the source code for the vulnerability is now on GitHub.
In blog posts, XPN described Total Meltdown as a “very good” vulnerability because it allows “any process to access and modify page table entries.” XPN also pointed out that the goal is to create an exploit that can “elevate privileges during evaluation”, but this is only to help others understand the use of technology, rather than create a ready-to-use attack.
SEE: System Pro Research (Tech Pro Research)
For that unfamiliar, Total Meltdown was originally created by a patch fix released by Microsoft for the original Meltdown vulnerability of Spectre / Meltdown. Although the original crash vulnerability is read-only, Total Meltdown also provides write access.
If you are concerned about XPN exploits or any Total Meltdown issues, you should note that it only affects the 64-bit versions of Win7 and Server 2008 R2. As pointed out in the Woody Windows column in the computer world, the following patch introduces Total Meltdown:
To prevent the XPN vulnerability, bloggers pointed out that Microsoft’s CVE-2018-1038 patch can be found here.
However, to tell you if you are protected by Total Meltdown, you must check the patch history. According to Woody on Windows, if you don’t have the 2018 patch, you should be fine. However, if you do have a patch and you have KB 4100480, 4093108, or 4093118 installed, you should be protected. If not, Woody on Windows points out that you need to roll back the machine, install the KB 4093108 manually, or use Windows Update to install all checked April Windows patches.
The cloud has no borders. Nor should your safety be.
Gain greater visibility and control while overcoming debris. Learn more about cloud security solutions that adapt to your changing needs.
Sponsored by MCAFEE
At the time of writing this article, there were no loopholes that could completely collapse in the wild. However, if the code is easy to find, it will soon change.
A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it’s freely available. Engaging post, Read More…
thumbnail courtesy of techrepublic.com.
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »