Windows 10 Meltdown patch has a 'fatal flaw'

Microsoft's major Windows 10 update started rolling out last week and it is bringing a number of new features including Timeline and more Fluent Design tweaks plus Edge and Cortana enhancements.

Officially named the April 2018 Update, it was supposed to have been released on April 10 but was pulled back due to reliability issues. Since it's now rolling out, it appears that Microsoft has ironed out any serious bugs that delayed its release.

Speaking of bugs, it appears that one of the serious flaws fixed by the update is related to the Meltdown Intel chip flaw.

Windows 10 Meltdown patches have a fatal flaw

Alex Ionescu, a security researcher for the cybersecurity company Crowdstrike, has revealed that Microsoft's recent Windows 10 patches for the Meltdown chip vulnerability have had a fatal flaw.

Ionescu explained the flaw in a tweet stating that "calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation."

In plain English, this means that this flaw basically bypasses Microsoft's Windows 10 Meltdown fixes and it renders the recent patches ineffective.

However, Microsoft quietly included a fix for this issue with the latest Windows 10 April 2018 Update. Yep, yet another patch to fix a patch... that was supposed to fix another earlier patch.

This also means that Windows 10 machines that don't have the latest April 2018 Update yet are still vulnerable to this Meltdown bypass flaw.

Since this update is just rolling out and it's not available for everyone yet, you may have to wait a bit longer before this Meltdown flaw is patched.

Patches for older Windows 10 versions are coming

Microsoft is apparently planning on issuing patches to mitigate the Meltdown flaw on older Windows 10 versions soon.

"We are aware and are working to provide customers with an update," a Microsoft spokesperson told Bleeping Computer via email.

There's no clear indication about their release but these fixes could be issued via another emergency out-of-band update or via next month's Patch Tuesday updates.

This is indicative of just how problematic Microsoft's fixes for Meltdown/Spectre have been. All of this year's attempts to mitigate Spectre/Meltdown were so buggy that Microsoft was forced to release emergency patches to fix the confirmed bugs in each release.

How to get the April 2018 update

The Windows 10 April 2018 Update is currently rolling out but it could take some time, even weeks or months before it becomes available to your device.

First off, make sure your Windows 10 machine has enough space. Major updates are larger than your typical Patch Tuesday updates so it's a good time to review and reclaim your hard drive space. For example, last year's Fall Creators Update clocked in at more than 30 GB.

Also, it's important that you have a backup of your files before you proceed with the update, just in case something goes wrong during the process.

Once you have all the requirements set, keep an eye out for a Windows notification telling you that your update is ready to download and install.

Alternatively, once the update goes live and you can't wait, you can grab the whole Windows image from here. This method requires intermediate technical know-how so we recommend that you just wait for the update to be pushed to your machine instead. Note: I don't recommend forcing an update, especially a major update like this one (wait for Automatic Updates instead).
