
Total Meltdown - Microsoft's Meltdown patch failure allows any program to R/W kernel memory

8 hours ago, mr moose said:

No updates, nothing.  It just leaves it alone.  It's like I turned off automatic updates or something (but I haven't). 

It may have to do with your MS Office pack.

 

I have the pro one, which includes Outlook. But it's just Microsoft being Microsoft.


1 hour ago, The Viking said:

It may have to do with your MS Office pack.

 

I have the pro one, which includes Outlook. But it's just Microsoft being Microsoft.

It must have something to do with the age of the Office pack, as it is quite old.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


13 hours ago, heybengbeng said:

Anyone know if this Total Meltdown needs local access or physical access to exploit?

There are no code-based exploits which require physical access.

The only exploits which ever require physical access are ones where you physically have to interact with the computer, for example swapping out components, or the Cortana vulnerability where you could use the microphone to tell a locked computer to do things.

When it comes to running code on the computer, the processor has no way of knowing if the code was manually typed in by hand, or executed by someone in China. The processor neither knows nor cares.

 

So the answer is no, you do not need physical access. You never do with these types of exploits. That goes for AMDflaws too, which lots of people insisted you needed physical access for (which you don't).

Code is code, regardless of where it comes from.


On 30/3/2018 at 5:21 PM, LAwLz said:

There are no code-based exploits which require physical access.

The only exploits which ever require physical access are ones where you physically have to interact with the computer, for example swapping out components, or the Cortana vulnerability where you could use the microphone to tell a locked computer to do things.

When it comes to running code on the computer, the processor has no way of knowing if the code was manually typed in by hand, or executed by someone in China. The processor neither knows nor cares.

 

So the answer is no, you do not need physical access. You never do with these types of exploits. That goes for AMDflaws too, which lots of people insisted you needed physical access for (which you don't).

Code is code, regardless of where it comes from.

I see. I recently read that on this website https://www.bleepingcomputer.com/news/microsoft/meltdown-patch-opened-bigger-security-hole-on-windows-7/ and they said it needs physical access for Total Meltdown, while before they said Meltdown needs local access in January, so it kinda confuses me, I guess.

 

Is there anything I can do to avoid getting my PC exploited for Total Meltdown while waiting for the Windows April security rollup? (So far I only use my PC for gaming and downloading some stuff or watching movies online on trusted websites. I don't know if this is enough or not though.) It looks like Microsoft dropped their March rollup since it's buggy.


27 minutes ago, heybengbeng said:

I see. I recently read that on this website https://www.bleepingcomputer.com/news/microsoft/meltdown-patch-opened-bigger-security-hole-on-windows-7/ and they said it needs physical access for Total Meltdown, while before they said Meltdown needs local access in January, so it kinda confuses me, I guess.

Yeah, a lot of people have this misconception, and it doesn't help that journalists spread it too.

However, if you go and read their source you will find that it does not mention needing physical access anywhere.

What the Total Meltdown vulnerability mentions is "physical memory addresses". That does not mean physical access though.

 

 

33 minutes ago, heybengbeng said:

Is there anything I can do to avoid getting my PC exploited for Total Meltdown while waiting for the Windows April security rollup? (So far I only use my PC for gaming and downloading some stuff or watching movies online on trusted websites. I don't know if this is enough or not though.) It looks like Microsoft dropped their March rollup since it's buggy.

The update is already out. Please note that it is just for Windows 7 or Windows Server 2008 R2. If you use any other OS you are fine.


29 minutes ago, LAwLz said:

Yeah, a lot of people have this misconception, and it doesn't help that journalists spread it too.

However, if you go and read their source you will find that it does not mention needing physical access anywhere.

What the Total Meltdown vulnerability mentions is "physical memory addresses". That does not mean physical access though.

I just checked the website again and it looks like they have news that says it needs physical access now.

https://www.bleepingcomputer.com/news/microsoft/microsoft-issues-out-of-band-security-update-for-windows-7-and-windows-server-2008/ 

 

"The flaw is not remotely exploitable, and attackers need either physical access to a PC, or they need to infect the PC with malware beforehand."

Quote

 

The update is already out. Please note that it is just for Windows 7 or Windows Server 2008 R2. If you use any other OS you are fine.

Yeah, from the article above I know that the update is already out, but I'm still on the January rollup. I don't know if installing that OOB update is okay with the January rollup or not. From what I read the OOB update is kinda small, so I'd prefer if I can just add the OOB update to my January rollup of course, since my internet is kinda crappy for now.

 

https://support.microsoft.com/en-us/help/4056894

 

On the January rollup website there's a note telling people to install the OOB though (it's included in the February and March rollup too), so I don't know if the OOB superseded the February and March updates for Meltdown/Spectre too or not :(


How convenient, it only cocked up on Windows 7 .. the OS they want people to stop using :P I'm sure it was totally an innocent oversight :P

 

More people need to start remembering never to trust 1.0 versions of anything, they're usually the most buggy .. that includes patches to 'fix' things :P

CPU: Intel i7 3930k w/OC & EK Supremacy EVO Block | Motherboard: Asus P9x79 Pro  | RAM: G.Skill 4x4 1866 CL9 | PSU: Seasonic Platinum 1000w Corsair RM 750w Gold (2021)|

VDU: Panasonic 42" Plasma | GPU: Gigabyte 1080ti Gaming OC & Barrow Block (RIP)...GTX 980ti | Sound: Asus Xonar D2X - Z5500 -FiiO X3K DAP/DAC - ATH-M50S | Case: Phantek Enthoo Primo White |

Storage: Samsung 850 Pro 1TB SSD + WD Blue 1TB SSD | Cooling: XSPC D5 Photon 270 Res & Pump | 2x XSPC AX240 White Rads | NexXxos Monsta 80x240 Rad P/P | NF-A12x25 fans |


19 minutes ago, SolarNova said:

How convenient, it only cocked up on Windows 7 .. the OS they want people to stop using :P I'm sure it was totally an innocent oversight :P

 

More people need to start remembering never to trust 1.0 versions of anything, they're usually the most buggy .. that includes patches to 'fix' things :P

Yeah, even right now I still don't know if it's okay to install the OOB update directly on top of the January rollup update (my last update) or not. Afraid that the fix is gonna be bugged again :(


1 hour ago, heybengbeng said:

I just checked the website again and it looks like they have news that says it needs physical access now.

https://www.bleepingcomputer.com/news/microsoft/microsoft-issues-out-of-band-security-update-for-windows-7-and-windows-server-2008/ 

 

"The flaw is not remotely exploitable, and attackers need either physical access to a PC, or they need to infect the PC with malware beforehand."

That "or" in the sentence is very important though. Physical access is not a requirement for this exploit. The requirement is a way to run the code. That can be accomplished by having physical access, but it can also be accomplished in a wide variety of other ways such as through another vulnerability, a Trojan Horse or other malware.

 

Like I said before, your processor does not know nor care where code comes from. It just executes it. However, that code has to end up reaching your processor somehow.

 

 

1 hour ago, SolarNova said:

How convenient, it only cocked up on Windows 7 .. the OS they want people to stop using :P I'm sure it was totally an innocent oversight :P

 

More people need to start remembering never to trust 1.0 versions of anything, they're usually the most buggy .. that includes patches to 'fix' things :P

I really doubt they did this on purpose, because it doesn't make sense.

The vulnerability was not known until now, so nobody was changing OS because of it. Once it was known, they patched it quickly.

For your conspiracy to make sense, they would have had to sit on their butts while Windows 7 users were vulnerable, and the users knew they were vulnerable.


50 minutes ago, LAwLz said:

That "or" in the sentence is very important though. Physical access is not a requirement for this exploit. The requirement is a way to run the code. That can be accomplished by having physical access, but it can also be accomplished in a wide variety of other ways such as through another vulnerability, a Trojan Horse or other malware.

 

Like I said before, your processor does not know nor care where code comes from. It just executes it. However, that code has to end up reaching your processor somehow.

 

 

I really doubt they did this on purpose, because it doesn't make sense.

The vulnerability was not known until now, so nobody was changing OS because of it. Once it was known, they patched it quickly.

For your conspiracy to make sense, they would have had to sit on their butts while Windows 7 users were vulnerable, and the users knew they were vulnerable.

Aye, it was in jest.. though if you think about it, the news out now may well be enough for people to think "oh well W7 is vulnerable but 10 isn't, must be something better about W10, I shall upgrade"  ....maybe :P


On 4/1/2018 at 1:41 AM, LAwLz said:

That "or" in the sentence is very important though. Physical access is not a requirement for this exploit. The requirement is a way to run the code. That can be accomplished by having physical access, but it can also be accomplished in a wide variety of other ways such as through another vulnerability, a Trojan Horse or other malware.

 

Like I said before, your processor does not know nor care where code comes from. It just executes it. However, that code has to end up reaching your processor somehow.

I see, I hope my PC is still okay since I only use it for gaming lately. Do you know if it's okay to apply the OOB update if my last Windows update is the January security rollup?


1 hour ago, heybengbeng said:

I see, I hope my PC is still okay since I only use it for gaming lately. Do you know if it's okay to apply the OOB update if my last Windows update is the January security rollup?

I don't have Windows 7 on any of my computers anymore so I can't test it for you, sorry.

What I can say however is that the risk of you being affected by this is fairly low. The attacker needs some way of running arbitrary code on your computer to begin with, so this exploit essentially just makes a bad situation (your PC is infected with a virus) worse (the virus can now read anything stored in RAM).

 

If you are worried, then I recommend you install all updates you can. Then you will be protected.

If you for some reason can't or don't want to install all updates that have been released since January then I wouldn't worry too much about it. Leave your computer as it is right now and update when you can.


sudo apt update && sudo apt upgrade

 

 

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


1 hour ago, LAwLz said:

I don't have Windows 7 on any of my computers anymore so I can't test it for you, sorry.

What I can say however is that the risk of you being affected by this is fairly low. The attacker needs some way of running arbitrary code on your computer to begin with, so this exploit essentially just makes a bad situation (your PC is infected with a virus) worse (the virus can now read anything stored in RAM).

 

If you are worried, then I recommend you install all updates you can. Then you will be protected.

If you for some reason can't or don't want to install all updates that have been released since January then I wouldn't worry too much about it. Leave your computer as it is right now and update when you can.

Yeah, I read somewhere that there's a probability that OOB update KB4100480 will include some known issues from the March rollup, but so far no one has said anything about it creating problems after updating to KB4100480 (as you know, the March rollup is buggy). And comparing both the January and February rollup updates, it looks like there are more known issues in the February rollup update.

 

Yeah, so I don't know if I'm gonna apply KB4100480 or wait till the April rollup :(

Thanks for your help and explanation, maybe I'll just wait and see the April rollup update since lately I'm only using this PC for gaming, lower chance to get an exploit or virus from browsing and JavaScript xD
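
One way to check the patch state the posts above keep asking about, as an added example that is not part of the thread: a PowerShell script (compatible with the PowerShell 2.0 that ships with Windows 7) that looks at the OS version and the installed hotfix list. The function names and status strings are made up for this example, and the only KB IDs it uses are the two that appear in the thread (KB4100480 and the January rollup page, 4056894).

```powershell
# Added example (not from the thread). KB IDs are the two that appear in the thread;
# append the IDs of later rollups to either list as needed.
param(
    [string[]]$FixKBs        = @('KB4100480'),  # out-of-band fix named in the thread
    [string[]]$RegressingKBs = @('KB4056894')   # January rollup linked in the thread
)

function Get-InstalledMatch([string[]]$Ids, [string[]]$Installed) {
    # -contains is case-insensitive, so 'kb4100480' and 'KB4100480' both match.
    @($Ids | Where-Object { $Installed -contains $_ })
}

function Get-TotalMeltdownStatus([string]$OsVersion, [string[]]$Installed,
                                 [string[]]$Fix, [string[]]$Regressing) {
    # Windows 7 and Server 2008 R2 both report version 6.1.x.
    if ($OsVersion -notlike '6.1.*') { return 'NotAffectedOS' }
    if (@(Get-InstalledMatch $Fix $Installed).Count -gt 0) { return 'FixInstalled' }
    if (@(Get-InstalledMatch $Regressing $Installed).Count -gt 0) { return 'FixMissing' }
    # Neither list matched: a rollup not listed in $Regressing may still be installed.
    return 'Unknown'
}

$os        = Get-WmiObject -Class Win32_OperatingSystem
# Get-HotFix -Id raises an error for a missing ID, so list everything and filter locally.
$installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })
$status    = Get-TotalMeltdownStatus $os.Version $installed $FixKBs $RegressingKBs

# Emit one object so the result can be piped to Export-Csv or collected from many hosts.
New-Object PSObject -Property @{
    Computer = $env:COMPUTERNAME
    OS       = $os.Caption
    Version  = $os.Version
    Status   = $status
    FixKBs   = ($FixKBs -join ',')
}
```

`FixMissing` means the January rollup is present without KB4100480; `Unknown` means neither list matched, which can happen when a later rollup is installed whose ID was not passed in.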

 
