Microsoft’s Windows 7 Meltdown update granted access to all data in memory

Security researcher Ulf Frisk reports that patches to address the Meltdown processor flaw on Windows 7 (64-bit) and Windows Server 2008 R2 machines created a far greater vulnerability. He claims the new flaw allows any process to read everything stored in memory “at gigabytes per second.” It also allows processes to write to arbitrary memory without “fancy exploits.” 

“Windows 7 already did the hard work of mapping in the required memory into every running process,” Frisk states. “Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or system calls required — just standard read and write!” 

Because of the amount of data stored in memory is rather large and complex, Windows PCs track data using addresses listed on virtual and physical “maps” or “pages.”  The reported problem resides with a four-level in-memory page table hierarchy the processor’s Memory Management Unit uses to translate the virtual addresses of data into physical addresses stored in the system memory. 

According to Frisk, Windows 7 and Windows Server 2008 R2 have a self-referencing entry on Page Map Level 4 (PML4) in virtual memory with a fixed address. This address is only made available to the operating system’s lowest, most secure level: The kernel. Only processes with a “supervisor” permission have access to this address and the data on this table. 

But Microsoft’s Meltdown patches released at the beginning of 2018 set the permission to “user.” That means all processes and applications can access all data stored in memory, even data only meant to be used by the operating system. 

“Once read/write access has been gained to the page tables it will be trivially easy to gain access to the complete physical memory, unless it is additionally protected by Extended Page Tables (EPTs) used for Virtualization,” Frisk writes. “All one has to do is to write their own Page Table Entries (PTEs) into the page tables to access arbitrary physical memory.” 

To prove this discovery, Frisk added a technique to exploit the vulnerability — a memory acquisition device — in the PCLeech direct memory access toolkit. But if you’re trying to test the vulnerability on a Windows 7 or Windows Server 2008 R2 machine updated on March Patch Tuesday, you’re out of luck. Microsoft switched the PML4 permission back to “supervisor” as part of the company’s blanket of security fixes for the month. 

The memory problem surfaced after Microsoft distributed its Meltdown and Spectre security fixes in the January Patch Tuesday update. Windows 7 (64-bit) and Windows Server 2008 R2 machines with the February Patch Tuesday updates are also vulnerable. Devices with Windows 10 and Windows 8.1 are not vulnerable. 

That said, Windows 7 and Windows Server 2008 R2 devices owners are encouraged to update their machines with the most recent patches distributed in March. But Frisk notes that he discovered the vulnerability after Microsoft’s March Patch Tuesday update, and has not been able to “correlate the vulnerability to known CVEs or other known issues.” 


Get the Surface Pro 6, with keyboard included, for $1,000 at Microsoft

Thinking of buying a Surface Pro 6? Microsoft is currently running a deal on its latest Windows 2-in-1, letting you bring one home for $1,000 with the keyboard included in the price.

Problems with installing or updating Windows 10? Here's how to fix them

Upgrading to the newest version of Windows 10 is usually a breeze, but sometimes you run into issues. Never fear though. Our guide will help you isolate the issue at hand and solve it in a timely manner.

Get the best of both worlds by sharing your data on MacOS and Windows

Compatibility issues between Microsoft Windows and Apple MacOS may have diminished sharply over the years, but that doesn't mean they've completely disappeared. Here's how to make an external drive work between both operating systems.

Windows updates shouldn't cause problems, but if they do, here's how to fix them

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up Speech Recognition in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.

Get the most out of your high-resolution display by tweaking its DPI scaling

Windows 10 has gotten much better than earlier versions at supporting today's high-resolution displays. If you want to get the best out of your monitor, then check out our guide on how to adjust high-DPI scaling in Windows 10.

Looking for a Chromebook? The Google PixelBook just got a $200 price cut

Once relatively obscure, Chromebooks have come into their own in a big way in recent years. One of our favorites is the super-sleek Google Pixelbook, and it's on sale right now from Amazon for $200 off, letting you score this premium laptop…

Got gadgets galore? Keep them charged up with the 10 best USB-C cables

We're glad to see that USB-C is quickly becoming the norm. That's why we've rounded up some of the better USB-C cables on the market, whether you're looking to charge or sync your smartphone. We've got USB-C to USB-C and USB-C to USB-A.

Nvidia’s GTX 1650 graphics card could be just a slight upgrade over the 1050 Ti

Rumors suggest Nvidia might soon launch the GTX 1650, and a leaked benchmark listing from Final Fantasy XV suggests that the new graphics card could be just a slight upgrade over last generation's GTX 1050 Ti. 

Get ready to say goodbye to some IFTTT support in Gmail by March 31

If This Then That, the popular automation service, will drop some of its support for Gmail by March 31. The decision comes as a response to security concerns and is aimed to protect user data.

Get the new Dell XPS 13 for $750 with this limited-time deal

Dell is currently running a limited time deal lasting through Thursday, March 28, where you can bring home a version of this year's new XPS 13 for around $750 with the use of a special coupon code. 

This is the easiest way to save your iPhone data to your computer

Living in fear of losing your contacts, photos, messages, and notes on your iPhone? Fear no more -- in this guide, we'll break down exactly how to back up your iPhone to your computer using Apple's iTunes or to the cloud with iCloud.

Here are the best iPad Pro keyboard cases to pick up with your new tablet

The iPad Pro range can double as laptops, but they do need proper keyboards to fill in effectively. Thankfully, there are loads to choose from and we rounded up the best iPad Pro keyboard cases right here.

Microsoft’s Clippy came back from the dead, but didn’t last very long

Before Cortana, Alexa, and Siri even existed, Microsoft Clippy dominated the screens of computers in the 1990s to help assist Microsoft Office users when writing letters. He recently made a bit of a comeback only to die off again.