SoylentNews is people
SoylentNews
Microsoft Working on a Fix for Windows 10 Meltdown Patch Bypass
Submitted via IRC for SoyCow3941
Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike. Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday.
"Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation," Ionescu wrote.
Here is why you may want to skip this month Windows Updates - gHacks Tech News
Submitted via IRC for TheMightyBuzzard
Patch Tuesday is just around the corner; Microsoft pushes out security updates and other updates for all of its products on the second Tuesday of the month. [...] If you have not followed the release of the update, you may wonder why you should block the upgrade at this point in time.
It is simple: the update is riddled with bugs. I upgraded one PC to Windows 10 version 1803 and ran into a good dozen major issues; Edge or Windows Defender won't load, I can't right-click on taskbar items, no microcode update for Windows 10 version 1803 to patch the Spectre security issue is available, and shutdown is broken unless you disable Fast Restart. Those are just the issues that I ran into. Other users reported Chrome, Cortana and other software program freezes, out of disk space warnings because the recovery partition got a drive letter suddenly, lots of Alienware PCs that lock up, and a lot more.
Well maybe that's why you should. Why I should is because I don't let my gaming box connect to the Internet at all.
Source: https://www.ghacks.net/2018/05/05/here-is-why-you-may-want-to-skip-this-months-windows-updates/
PoC Code Published for Triggering an Instant BSOD on All Recent Windows Versions
Submitted via IRC for SoyCow4408
A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state.
Original Submission #1 Original Submission #2 Original Submission #3
(Score: 4, Insightful) by SomeGuy on Monday May 07 2018, @06:51PM (7 children)
So in other words, the patch made things LESS secure. Brilliant.
"I ran the latest updates so I'm perfectly secure! Pollywannacracker!" Sure.
At this point I wouldn't even trust Microsoft to maintain anything more complicated than Minesweeper. (Wait, what? They moved Minesweeper to their online store? WTF?)
BTW, Cortana freezing up sounds like an improvement to me.
(Score: 2) by Thexalon on Monday May 07 2018, @07:04PM (6 children)
One of the factors has to be that Windows 10 makes Microsoft absolutely no money whatsoever. That substantially reduces their motivation for making it function properly.
The plan, as best as I can tell, was to give away the OS for free, get a gajillion users used to using it, and then slowly but surely wall in the users so the only way people could sell applications to them was to pay Microsoft for the privilege and approvals, just like Apple is doing with their walled garden. So far, I'm not seeing that happen. But no matter what, this business model means that users aren't the customers anymore, they're the product.
And I wouldn't be surprised if some of the backdoors are on purpose, possibly inserted on behalf of a Not Small Agency.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2) by Immerman on Monday May 07 2018, @07:35PM
How do you figure? I assume they still make roughly the same amount selling licenses to system builders, and certainly Windows 10 is no cheaper to purchase an OEM or retail license than its predecessors. Yes, there was a brief window where they gave away free upgrades from Win7 and 8, but that was when they were struggling to get any sort of adoption at all. And yes, last I heard you can still get a free upgrade if you're willing to fraudulently claim to use assistive technologies, but even then you're only talking about an upgrade of the OS on an old PC - a segment that was never terribly significant to the overall Window's market.
(Score: 2) by takyon on Monday May 07 2018, @08:00PM
Windows is Microsoft's way to push X, Y, and Z to hundreds of millions of people, collect "telemetry", display advertisements, etc. If it's broken and starts to lose users to other platforms, it's not good for Microsoft.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Monday May 07 2018, @08:22PM (2 children)
> One of the factors has to be that Windows 10 makes Microsoft absolutely no money whatsoever.
AFAIK, they're displaying ads on the lock screen and in the start menu. That has to be worth quite a sum.
(Score: 2, Interesting) by anubi on Tuesday May 08 2018, @06:19AM (1 child)
And we are all just one "mandatory update" away from having commercials appear on our screen just as they do right now on TV.
It would be quite feasible for the OS to open a window on the screen for the express purpose of running an ad. They may even charge extra for uncloseable ads that keep the user from doing anything else until the ad plays through.
What is a user to do when these things start popping up right in the middle of you using your machine - and its part of the OS... integrated into some vital process of the operating system? Kill the process and you knock off your internet access?
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Justin Case on Tuesday May 08 2018, @02:14PM
Your answer is partially correct.
Kill, yes. Process, no.
Of course I'm still contemplating the software meaning of "kill", not the physical world one. As in: obliterate Windows and install something that respects you.
(Score: 0) by Anonymous Coward on Monday May 07 2018, @08:54PM
I completely agree, relative apathy to the OS itself seems to be the case given all of the recent very embarrassing things Win10 users have had to endure.
They may seem to be getting away with this in the near term, but it's interesting to note that most enterprises are still running Win7, including healthcare. Right now, 'upgrading' sounds like anything but. I wonder which health system is going to make the leap to Linux or even BSD first, because personal consumers might bend over for this sort of thing but enterprises & healthcare won't.
Heck, Office can be run from a browser these days. The writing may finally be on the wall.