Alex Ionescu of Crowdstrike wrote on wrote on Twitter that “#Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation.” The layman’s explanation there is that the patch still allowed access to the kernel, therefore undermining the use of having a patch at all. In other words, you’re still vulnerable to Meltdown. This requires local code execution privileges and occurs only on Windows 10 Build 1709, the Fall Creators Update. If you’ve been updating your computer over Windows Update, that’s very likely the version you have right now. “We are aware and are working to provide customers with an update,” a Microsoft spokesperson told Laptop Mag. According to Bleeping Computer, the issue was fixed in the April 2018 major Windows 10 update that was released on Monday. This puts users in a bit of a predicament, as many like to wait until the kinks are worked out in new releases. Additionally, you still have to manually download the new update, as it is not rolling out automatically just yet. Even then, it could take a long time for the April 2018 update to finally reach your PC. Ionescu’s point that there is “no backport” suggests that Microsoft has yet to bring the fix to older versions of Windows 10. Hopefully, we’ll see a new fix on May 8, this month’s Patch Tuesday. Meltdown and another vulnerability, Spectre, were disclosed by Google’s Project Zero and other researchers back in January. Meltdown affects almost every Intel processor going back to the mid-1990s, and Spectre affects many ARM and AMD processors as well. You can’t currently buy a laptop or desktop without at least one of these vulnerabilities, though mitigations have come through via both operating-system and chip-firmware patches. Image credit: Natascha Eidl/Public domain
Windows 10 Security and Networking
Previous TipNext Tip
Use the Windows 10 Parental ControlsFind Your MAC AddressTurn Your Windows PC into a Wi-Fi HotspotPassword Protect a FolderCreate a Guest Account in Windows 10Enable Windows Hello Fingerprint LoginSet Up Windows Hello Facial RecognitionHow to Restrict Cortana’s Ever-Present Listening in Windows 10Automatically Lock Your PC with Dynamic LockBlacklist Non-Windows Store AppsFind Saved Wi-Fi PasswordsSet Up a Metered Internet ConnectionUse Find My DeviceStream XBox One GamesAll Windows 10 TipsMap a Network DriveCreate Limited User AccountsSet Time Limits for KidsPin People to Your Taskbar