Newsletter Archives

  • Total Meltdown (not Meltdown!) exploit now available

    Posted on April 23, 2018 at 07:03 CDT by Comment in the Forums

    Remember Total Meltdown, the gaping 64-bit Win7/Server 2008R2 security hole introduced by Microsoft in all of these patches?

    • KB 4056894 Win7/Server 2008 R2 January Monthly Rollup.
    • KB 4056897 Win7/Server 2008 R2 January Security-only patch.
    • KB 4073578 Hotfix for “Unbootable state for AMD devices in Windows 7 SP1. and Windows Server 2008 R2 SP1” bug installed in the January Monthly Rollup and Security-only patches.
    • KB 4057400 Win7/Server 2008 R2 Preview of the February Monthly Rollup.
    • KB 4074598 Win7/Server 2008 R2 February Monthly Rollup.
    • KB 4074587 Win7/Server 2008 R2 February Security-only patch.
    • KB 4075211 Win7/Server 2008 R2 Preview of the March Monthly Rollup.
    • KB 4091290 Hotfix for “smart card based operations fail with error with SCARD_E_NO_SERVICE” bug installed in the February Monthly Rollup.
    • KB 4088875 Win7/Server 2008 R2 March Monthly Rollup.
    • KB 4088878 Win7/Server 2008 R2 March Security-only patch.
    • KB 4088881 Win7/Server 2008 R2 Preview of April Monthly Rollup.

    The chickens have come home to roost. In the past few hours there’s been exploit code posted on GitHub that takes advantage of the Total Meltdown hole. Self-described “Hacker and Infosec Researcher” XPN has details.

    Thank you, Microsoft.

    At this point, I figure Win7/Server 2008 R2 users have three options:

    • Take Susan Bradley’s advice and roll back your machine to its state before the patching insanity started in January. That’s a massive, thankless, task, and it leaves you exposed to the (few) real security holes plugged this year.
    • Download and manually install the KB 4093108 Security-only patch.
    • Use Windows Update to install all of the checked April patches, including the KB 4093118 Monthly Rollup.

    If you take either of the last two approaches, make a backup first. There are loads of known bugs with this month’s patches.

    Alternatively, you could install KB 4100480, which fixes the Total Meltdown bug, but introduces all sorts of problems, per MrBrian and Susan Bradley.

    Welcome to the cesspool that has become Windows 7.

    UPDATE: XPN has published a new version of his exploit.

    Thx @GossiTheDog.

    Windows Patches/Security , , ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.