Submitted via IRC for SoyCow3941
Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike. Only patches for Windows 10 versions were affected, the researcher wrote today in a tweet. Microsoft quietly fixed the issue on Windows 10 Redstone 4 (v1803), also known as the April 2018 Update, released on Monday.
"Welp, it turns out the Meltdown patches for Windows 10 had a fatal flaw: calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation," Ionescu wrote.
Submitted via IRC for TheMightyBuzzard
Patch Tuesday is just around the corner; Microsoft pushes out security updates and other updates for all of its products on the second Tuesday of the month. [...] If you have not followed the release of the update, you may wonder why you should block the upgrade at this point in time.
It is simple: the update is riddled with bugs. I upgraded one PC to Windows 10 version 1803 and ran into a good dozen major issues; Edge or Windows Defender won't load, I can't right-click on taskbar items, no microcode update for Windows 10 version 1803 to patch the Spectre security issue is available, and shutdown is broken unless you disable Fast Restart. Those are just the issues that I ran into. Other users reported Chrome, Cortana and other software program freezes, out of disk space warnings because the recovery partition got a drive letter suddenly, lots of Alienware PCs that lock up, and a lot more.
Well maybe that's why you should. Why I should is because I don't let my gaming box connect to the Internet at all.
Source: https://www.ghacks.net/2018/05/05/here-is-why-you-may-want-to-skip-this-months-windows-updates/
Submitted via IRC for SoyCow4408
A Romanian hardware expert has published proof-of-concept code on GitHub that will crash most Windows computers within seconds, even if the computer is in a locked state.
Original Submission #1 Original Submission #2 Original Submission #3
(Score: 2) by Immerman on Monday May 07 2018, @07:35PM
How do you figure? I assume they still make roughly the same amount selling licenses to system builders, and certainly Windows 10 is no cheaper to purchase an OEM or retail license than its predecessors. Yes, there was a brief window where they gave away free upgrades from Win7 and 8, but that was when they were struggling to get any sort of adoption at all. And yes, last I heard you can still get a free upgrade if you're willing to fraudulently claim to use assistive technologies, but even then you're only talking about an upgrade of the OS on an old PC - a segment that was never terribly significant to the overall Window's market.