Skip to main content

Microsoft’s Windows 7 Meltdown update granted access to all data in memory

Security researcher Ulf Frisk reports that patches to address the Meltdown processor flaw on Windows 7 (64-bit) and Windows Server 2008 R2 machines created a far greater vulnerability. He claims the new flaw allows any process to read everything stored in memory “at gigabytes per second.” It also allows processes to write to arbitrary memory without “fancy exploits.” 

“Windows 7 already did the hard work of mapping in the required memory into every running process,” Frisk states. “Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or system calls required — just standard read and write!” 

Recommended Videos

Because of the amount of data stored in memory is rather large and complex, Windows PCs track data using addresses listed on virtual and physical “maps” or “pages.”  The reported problem resides with a four-level in-memory page table hierarchy the processor’s Memory Management Unit uses to translate the virtual addresses of data into physical addresses stored in the system memory. 

Please enable Javascript to view this content

According to Frisk, Windows 7 and Windows Server 2008 R2 have a self-referencing entry on Page Map Level 4 (PML4) in virtual memory with a fixed address. This address is only made available to the operating system’s lowest, most secure level: The kernel. Only processes with a “supervisor” permission have access to this address and the data on this table. 

But Microsoft’s Meltdown patches released at the beginning of 2018 set the permission to “user.” That means all processes and applications can access all data stored in memory, even data only meant to be used by the operating system. 

“Once read/write access has been gained to the page tables it will be trivially easy to gain access to the complete physical memory, unless it is additionally protected by Extended Page Tables (EPTs) used for Virtualization,” Frisk writes. “All one has to do is to write their own Page Table Entries (PTEs) into the page tables to access arbitrary physical memory.” 

To prove this discovery, Frisk added a technique to exploit the vulnerability — a memory acquisition device — in the PCLeech direct memory access toolkit. But if you’re trying to test the vulnerability on a Windows 7 or Windows Server 2008 R2 machine updated on March Patch Tuesday, you’re out of luck. Microsoft switched the PML4 permission back to “supervisor” as part of the company’s blanket of security fixes for the month. 

The memory problem surfaced after Microsoft distributed its Meltdown and Spectre security fixes in the January Patch Tuesday update. Windows 7 (64-bit) and Windows Server 2008 R2 machines with the February Patch Tuesday updates are also vulnerable. Devices with Windows 10 and Windows 8.1 are not vulnerable. 

That said, Windows 7 and Windows Server 2008 R2 devices owners are encouraged to update their machines with the most recent patches distributed in March. But Frisk notes that he discovered the vulnerability after Microsoft’s March Patch Tuesday update, and has not been able to “correlate the vulnerability to known CVEs or other known issues.” 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
We now know why AMD chose to delay RDNA 4 — well, kind of
AMD announcing FSR 4 during CES 2025.

AMD hasn't been very forthcoming when it comes to information about its RX 9000 series GPUs, but we just got an update as to why the cards won't be available until sometime in March. The company cites software optimization and FSR 4 as the two reasons why it most likely decided to delay the launch of RDNA 4. But is that all there is to it, or is AMD waiting to see some of Nvidia's best graphics cards before pulling the trigger on the RX 9070 XT?

The update comes from David McAfee, AMD's vice president and general manager of the Ryzen CPU and Radeon graphics division. A couple of days ago, McAfee took to X (Twitter) to announce that AMD was excited to launch the RX 9000 series in March. This caused a bit of an uproar, with many enthusiasts wondering why AMD was choosing to wait so long.

Read more
What power supply do you need for the RTX 5090 and RTX 5080?
The RTX 5090 sitting on top of the RTX 4080.

Nvidia’s new RTX 50-series GPUs represent a leap forward in gaming and content creation, but they also push the boundaries of what’s expected from your power supply. The RTX 5090 and RTX 5080, will be the first two models available for purchase starting January 30, and are expected to deliver improved performance over its predecessors -- you can already see that in action in our RTX 5090 review.

However, with great power comes greater demands on your power supply. If you're planning to upgrade to either of these next-generation graphics cards, it’s crucial to know what kind of PSU (Power Supply Unit) you need. Ensuring your PSU meets or exceeds the recommended specifications is critical for avoiding crashes, ensuring system stability, and maintaining long-term reliability.

Read more
Gaming mouse goes up in flames, nearly causes apartment fire
A burned Gigabyte moue as posted by a user on Reddit

Think you have one of the best gaming mice? Think again. A Reddit user recently reported a concerning incident involving their Gigabyte M6880X gaming mouse, which allegedly caught fire spontaneously, filling their apartment with black smoke and causing significant property damage.

The user who goes by the unser name lommelinn, shared images showing the melted mouse, burn marks on the desk, and a destroyed mouse pad. They recounted discovering the device "burning with large flames," which they quickly extinguished. Despite their swift action, the room was left covered in black particles, affecting other equipment, including a modular synthesizer.

Read more