Ulf Frisk reports that the patches issued to address the Meltdown processor flaw on Windows 7 (64-bit) and Windows Server 2008 R2 machines introduced a greater vulnerability. The report claims that the new flaw allows any process to write to arbitrary memory without “fancy exploits”.
The report says that “Exploitation was just a matter of reading and writing to already mapped in-process virtual memory. No fancy APIs or system calls required – just standard read and write!”
Because the amount of data stored in memory is large and complex, Windows PCs track data using addresses recorded in virtual and physical “maps” or “pages.” The reported issue resides in the four-level in-memory page table hierarchy that the processor’s Memory Management Unit uses to translate the virtual addresses of data into physical addresses in system memory.
According to Frisk, Windows 7 and Windows Server 2008 R2 have a self-referencing entry in the Page Map Level 4 (PML4) in virtual memory at a fixed address. This address is made available only to the operating system’s lowest, most secure level: the kernel. Only processes with “supervisor” permission have access to this address and the data in this table.
However, Microsoft’s Meltdown patches released at the beginning of 2018 set the permission to “user.” That means all processes and applications can access all data stored in memory, even data meant to be used only by the operating system.
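The following check is an added example, not code from Frisk's report or from Microsoft. It shows how the fixed virtual address of a self-referencing PML4 entry follows from its slot index, and how the User/Supervisor bit on that entry can be audited. The slot index 0x100, the physical address 0x1AB000 and all function names are constructed for illustration.

```c
#include <stdint.h>

/* x86-64 page-table entry bits (architectural). */
#define PTE_PRESENT (1ULL << 0)
#define PTE_USER    (1ULL << 2)            /* 0 = supervisor only, 1 = user allowed */
#define PTE_FRAME   0x000FFFFFFFFFF000ULL  /* physical frame, bits 12..51 */

enum selfmap_state { SELFMAP_NONE = 0, SELFMAP_SUPERVISOR = 1, SELFMAP_USER = 2 };

/* Virtual address at which the PML4 maps itself when slot `idx` points back at
 * it: the same 9-bit index is used at all four levels of the page walk. */
uint64_t selfmap_va(unsigned idx)
{
    uint64_t i = idx & 0x1FF;
    uint64_t va = (i << 39) | (i << 30) | (i << 21) | (i << 12);
    if (va & (1ULL << 47))              /* canonical form: sign-extend bit 47 */
        va |= 0xFFFF000000000000ULL;
    return va;
}

/* Scan a 512-entry copy of a PML4 for a present entry whose frame is the
 * PML4's own physical address, and report whether its U/S bit leaves the
 * page tables reachable from user mode. */
enum selfmap_state audit_pml4(const uint64_t pml4[512], uint64_t pml4_phys,
                              unsigned *idx_out)
{
    for (unsigned i = 0; i < 512; i++) {
        uint64_t e = pml4[i];
        if (!(e & PTE_PRESENT) || (e & PTE_FRAME) != (pml4_phys & PTE_FRAME))
            continue;
        if (idx_out)
            *idx_out = i;
        return (e & PTE_USER) ? SELFMAP_USER : SELFMAP_SUPERVISOR;
    }
    return SELFMAP_NONE;
}

/* Constructed sample: a PML4 at physical 0x1AB000 (hypothetical) whose slot
 * 0x100 (hypothetical) points back at itself with the given flag bits. */
enum selfmap_state demo(uint64_t flags, unsigned *idx_out)
{
    static uint64_t pml4[512];
    const uint64_t phys = 0x1AB000;
    pml4[0x100] = phys | flags;
    return audit_pml4(pml4, phys, idx_out);
}
```

A result of `SELFMAP_USER` corresponds to the condition described above, where the self-referencing entry is marked “user” instead of “supervisor”.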
“Once read/write access has been gained to the page tables it will be trivially easy to access the entire physical memory, unless it is additionally protected by Extended Page Tables (EPTs) used for virtualisation,” Frisk writes. “All one needs to do is to write their own Page Table Entries (PTEs) into the page tables to access arbitrary physical memory.”
To demonstrate the finding, Frisk added a technique for exploiting the vulnerability, a memory acquisition device, to the PCILeech direct memory access toolkit. However, if you’re trying to test the vulnerability on a Windows 7 or Windows Server 2008 R2 machine updated on March Patch Tuesday, you’re out of luck. Microsoft switched the PML4 permission back to “supervisor” as part of the company’s batch of security fixes for the month.
The memory issue surfaced after Microsoft distributed its Meltdown and Spectre security fixes in the January Patch Tuesday update. Windows 7 (64-bit) and Windows Server 2008 R2 machines with the February Patch Tuesday updates are also vulnerable. Devices with Windows 10 and Windows 8.1 are not vulnerable.
That said, owners of Windows 7 and Windows Server 2008 R2 devices are urged to update their machines with the latest patches distributed in March. Frisk notes, however, that he discovered the vulnerability after Microsoft’s March Patch Tuesday update, and has not been able to “connect the vulnerability to known CVEs or other known issues.”