The cure worse than the disease; get your new patches or enjoy a total meltdown

Subject: General Tech | April 27, 2018 - 12:59 PM |
Tagged: meltdown, microsoft, security, patch, Windows 7, server 2008 r2

Wasn't it hilarious when Microsoft released a patch for the Meltdown flaw that made things even worse by allowing write access to kernel memory as well as read access? Well, if you don't have the patch which fixes the patch in place, you won't be laughing so hard today. The Register has seen proof-of-concept code which makes use of this flaw to elevate a DOS shell window to NT AUTHORITY\System from a user without admin privileges. Get yourself patched up, especially that Server 2008 instance!


"If you're not up-to-date with your Intel CPU Meltdown patches for Windows 7 or Server 2008 R2, get busy with that, because exploit code for Microsoft's own-goal flaw is available."


Source: The Register



April 27, 2018 | 01:44 PM - Posted by ReallyMendokusaiThoseBastardsFromRedmondAre (not verified)

That patch (To Fix The Earlier Patch) came out late March/2018 and only folks that had not applied a separate patch to WSUS did not see the late March/2018 patch listed under WSUS.

AND M$ has really F--Ked things up lately so now folks are even more confused. And reporters need to start listing things more by KB numbers in addition to the CVE/other vulnerability number listings, as when downloading patches from the Windows Update Catalog, updates (Security/others) are listed/searched by KB number.

So it's SNAFU all over again from the folks in Redmond.

The technology press with their lazy reporting of the issues and not including the KB number of the latest patch available that fixes the issue are just as bad.

If there is a patch (KB#) that directly fixes any older patch (KB#) then the press needs to list the old patch's KB# and the new patch's KB# that is there to patch the older patch, so folks can make sure that the old patch has even been installed. And if that old patch needs to be installed before the new patch is installed, that should be mentioned also.

That all patches in one KB nonsense that M$ forced on Windows 7 and 8.1 users has only made things worse because I'm only installing patches directly from the Windows Update Catalog and only the monthly security only quality updates that hopefully are spyware free. And I'm only updating Windows 7 (monthly sec only quality update) and IE11 (cumulative monthly Sec update) and I have not been updating .Net/other things at all.

Individual updates were the better way but M$ was less able to slip/backport all that 10 style spyware/telemetry into 7, 8.1 when updates came via Windows Update individually.
