google-site-verification: google30a059f9a075f398.html

IT must patch against Total Meltdown now: The source code is on GitHub

CyberWisdom Safe Harbor Commentary on Patch Against Total Meltdown:

What is most likely to be an overlooked story from techrepublic.com describes an interesting that the source code for Total Meltdown is a vulnerability Microsoft created when it tried to fix the original Meltdown defect on GitHub.

A person named XPN cited them as hackers and information security researchers on the blog, and they published details of a work loop that exploited Monday’s overall crash advantage. In addition to that post, the source code for the vulnerability is now on GitHub.

In blog posts, XPN described Total Meltdown as a “very good” vulnerability because it allows “any process to access and modify page table entries.” XPN also pointed out that the goal is to create an exploit that can “elevate privileges during evaluation”, but this is only to help others understand the use of technology, rather than create a ready-to-use attack.

SEE: System Pro Research (Tech Pro Research)

For that unfamiliar, Total Meltdown was originally created by a patch fix released by Microsoft for the original Meltdown vulnerability of Spectre / Meltdown. Although the original crash vulnerability is read-only, Total Meltdown also provides write access.

If you are concerned about XPN exploits or any Total Meltdown issues, you should note that it only affects the 64-bit versions of Win7 and Server 2008 R2. As pointed out in the Woody Windows column in the computer world, the following patch introduces Total Meltdown:

KB 4056894
KB 4056897
KB 4073578
KB 4057400
KB 4074598
KB 4074587
KB 4075211
KB 4091290
KB 4088875
KB 4088878
KB 4088881
To prevent the XPN vulnerability, bloggers pointed out that Microsoft’s CVE-2018-1038 patch can be found here.

However, to tell you if you are protected by Total Meltdown, you must check the patch history. According to Woody on Windows, if you don’t have the 2018 patch, you should be fine. However, if you do have a patch and you have KB 4100480, 4093108, or 4093118 installed, you should be protected. If not, Woody on Windows points out that you need to roll back the machine, install the KB 4093108 manually, or use Windows Update to install all checked April Windows patches.

The cloud has no borders. Nor should your safety be.
Gain greater visibility and control while overcoming debris. Learn more about cloud security solutions that adapt to your changing needs.
Sponsored by MCAFEE
At the time of writing this article, there were no loopholes that could completely collapse in the wild. However, if the code is easy to find, it will soon change.

Read more…

A patch for Meltdown created an even bigger flaw for 64-bit Win7 and Server 2008 R2. Now, it’s freely available. Engaging post, Read More…

thumbnail courtesy of techrepublic.com.

If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post » IT must patch against Total Meltdown now: The source code is on GitHub

Add a Comment

Your email address will not be published. Required fields are marked *