Microsoft fixes a Meltdown vulnerability in Windows 7

Meltdown and Spectre vulnerabilities have caused headaches for device and software manufacturers. An example of this is Microsoft’s patch for Windows 7 and Windows Server 2008 R2, which inadvertently paved the way for new exploits.

Microsoft fixes a Meltdown vulnerability in Windows 7, Microsoft fixes a Meltdown vulnerability in Windows 7, Optocrypto

Microsoft fixes a Meltdown vulnerability in Windows 7

Security researcher Ulf Frisk discovered that Microsoft’s January patches for Meltdown allowed infected processes to read and write to physical memory, which could also lead to the elevation of privileges. Microsoft fixed this problem in the March patch, but the systems running January and February patches have been vulnerable so far.

The company has now released the KB4100480 update for Windows 7 x64 Service Pack 1, Windows Server 2008 R2 x64 Service Pack 1, and Windows Server 2008 R2 x64 Service Pack 1. This new update fixes a privilege elevation vulnerability when the Windows kernel does not properly handle objects in memory. The update fixes the vulnerability by adjusting how the Windows kernel handles objects in memory.

Microsoft has advised affected users to install the update immediately and has classified the severity of the problem as significant. Operating systems other than those mentioned above are protected from this exploit, and only computers are running Windows 7 and Windows Server 2008 R2, which have January or February patches, are affected.

The new patch is sent via Windows Update on specific Windows 7 systems, but can also be downloaded manually from the Microsoft update catalog here.