It appears that Microsoft’s patches earlier in 2018 for the Meltdown flaw actually caused Windows 7 and Windows Server 2008 to be less secure. In better news for those who still use either of the older operating systems, a March update has now fixed the potential issue that the earlier updates exposed. But there will be widespread frustration at the lack of progress by Microsoft on fixing vulnerabilities in their operating systems.
The Swedish security researcher Ulf Frisk says that Microsoft’s January and February patches,
“stopped Meltdown but opened up a vulnerability way worse.”
He went on to say:
“It allowed any process to read the complete memory contents at gigabytes per second, oh — it was possible to write to arbitrary memory as well.”
The Meltdown vulnerability caused widespread panic to IT managers and home users globally when it appeared that most PC’s had the flaw that could potentially allow a hacker access to some of their most sensitive data. In the early days, Microsoft was quick to get patches out to their clients who had been affected by the vulnerability but many insisted that it should have been noticed a long time ago. But it now appears that the patches that came out in January and February actually made the situation worse for older PC’s still running older software.
Owners can now rest assured that the patches have now covered up all of the flaws and they should now be reasonably well protected. The news was a nightmare for Microsoft who have had a good run over the last few years. To be fair to the Redmond giant they have been quick to put things right and will likely be more careful going forward, many security analysts had noted the vulnerability early and their warnings seemed to have been dismissed until there was a widespread problem.
- Tags: Vulnerability