Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Monday May 07 2018, @04:35PM   Printer-friendly
from the meltdown-letdown dept.

Microsoft Working on a Fix for Windows 10 Meltdown Patch Bypass

Submitted via IRC for SoyCow3941

Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike. Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday.

"Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation," Ionescu wrote.

Source: https://www.bleepingcomputer.com/news/security/microsoft-working-on-a-fix-for-windows-10-meltdown-patch-bypass/

Here is why you may want to skip this month Windows Updates - gHacks Tech News

Submitted via IRC for TheMightyBuzzard

Patch Tuesday is just around the corner; Microsoft pushes out security updates and other updates for all of its products on the second Tuesday of the month. [...] If you have not followed the release of the update, you may wonder why you should block the upgrade at this point in time.

It is simple: the update is riddled with bugs. I upgraded one PC to Windows 10 version 1803 and ran into a good dozen major issues; Edge or Windows Defender won't load, I can't right-click on taskbar items, no microcode update for Windows 10 version 1803 to patch the Spectre security issue is available, and shutdown is broken unless you disable Fast Restart. Those are just the issues that I ran into. Other users reported Chrome, Cortana and other software program freezes, out of disk space warnings because the recovery partition got a drive letter suddenly, lots of Alienware PCs that lock up, and a lot more.

Well maybe that's why you should. Why I should is because I don't let my gaming box connect to the Internet at all.

Source: https://www.ghacks.net/2018/05/05/here-is-why-you-may-want-to-skip-this-months-windows-updates/

PoC Code Published for Triggering an Instant BSOD on All Recent Windows Versions

Submitted via IRC for SoyCow4408

A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state.

Source: https://www.bleepingcomputer.com/news/microsoft/poc-code-published-for-triggering-an-instant-bsod-on-all-recent-windows-versions/


Original Submission #1Original Submission #2Original Submission #3

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Immerman on Monday May 07 2018, @07:35PM

    by Immerman (3985) on Monday May 07 2018, @07:35PM (#676760)

    How do you figure? I assume they still make roughly the same amount selling licenses to system builders, and certainly Windows 10 is no cheaper to purchase an OEM or retail license than its predecessors. Yes, there was a brief window where they gave away free upgrades from Win7 and 8, but that was when they were struggling to get any sort of adoption at all. And yes, last I heard you can still get a free upgrade if you're willing to fraudulently claim to use assistive technologies, but even then you're only talking about an upgrade of the OS on an old PC - a segment that was never terribly significant to the overall Window's market.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2