
Mar 28, 2018 - Total Meltdown

Description:

https://www.techrepublic.com/article/total-meltdown-how-microsofts-spectre-patch-created-an-even-bigger-flaw-for-hackers/

A programming oversight granted user-level applications full read/write access to system memory at native speeds, without using access tricks.
The issue, since patched, affected x86-64 versions of Windows 7 and Server 2008 R2 on the January or February 2018 patch cycle.
A vulnerability introduced in Windows 7 by Microsoft as part of their attempts to patch the much-publicized Meltdown vulnerability was recently disclosed by Swedish security researcher Ulf Frisk in a blog post. In contrast to Meltdown, which was measured by the original researchers as being able to read kernel memory at around 120 KB/s, the newly-disclosed "Total Meltdown" vulnerability allows malicious programs to read complete system memory at speeds of gigabytes per second.

To make matters worse, it also gives complete write access to hackers, whereas the original Meltdown vulnerability was read-only, the post said. This vulnerability exists due to a programming oversight in the handling of memory mirroring for the virtual memory address space assigned when a program runs. The PML4 page table permission bit was incorrectly set to "user" instead of "supervisor." As a result, memory that should only be accessible to the kernel was automatically mapped for every process running at user-level privileges.

In Windows 7 and Windows Server 2008 R2 (which shares the same version of the Windows kernel), PML4 is always mapped to the address 0xFFFFF6FB7DBED000 in virtual memory, whereas Windows 10 randomizes the location of this data, the post noted. With the address known, and capable of being manipulated normally without the use of any particular programming trick, exploiting this oversight is trivial.
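
To make the two facts above concrete, here is an added example (not code from the article or from Ulf Frisk's post) that splits the fixed address into its four x86-64 page-table indices and tests the user/supervisor bit of a page-table entry value. The function names are hypothetical and the two entry values in `main` are constructed samples; the flag bit positions are the standard x86-64 paging flags.

```c
#include <stdint.h>
#include <stdio.h>

#define PTE_PRESENT (1ULL << 0)  /* P:   entry is valid */
#define PTE_USER    (1ULL << 2)  /* U/S: 1 = user, 0 = supervisor only */

/* 9-bit table index used at one paging level:
 * 3 = PML4, 2 = PDPT, 1 = PD, 0 = PT. Bits 0-11 are the page offset. */
static unsigned level_index(uint64_t va, int level)
{
    return (unsigned)((va >> (12 + 9 * level)) & 0x1FF);
}

/* When all four indices are equal, the page walk passes through the same
 * PML4 slot four times, so the address resolves to the PML4 page itself.
 * Returns that slot number, or -1 if the address is not of this form. */
int self_ref_slot(uint64_t va)
{
    unsigned slot = level_index(va, 3);
    for (int level = 2; level >= 0; level--)
        if (level_index(va, level) != slot)
            return -1;
    return (int)slot;
}

/* An entry is reachable from user mode only if it is present and U/S = 1. */
int is_user_exposed(uint64_t entry)
{
    return (entry & PTE_PRESENT) && (entry & PTE_USER);
}

int main(void)
{
    uint64_t pml4_va = 0xFFFFF6FB7DBED000ULL;     /* address from the text */
    uint64_t flawed  = 0x0000000000187867ULL;     /* constructed: U/S set */
    uint64_t correct = 0x0000000000187863ULL;     /* constructed: U/S clear */

    printf("PML4 slot mapping the table onto itself: 0x%X\n",
           (unsigned)self_ref_slot(pml4_va));
    printf("flawed entry user-accessible:  %d\n", is_user_exposed(flawed));
    printf("correct entry user-accessible: %d\n", is_user_exposed(correct));
    return 0;
}
```

All four indices of the fixed address decode to the same slot, which is why a single wrong permission bit in that one entry exposes the page tables themselves rather than one ordinary page.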

Added to timeline:

4 Dec 2018
Timeline of Cyber Security Incidents
Prepared by https://cybersecurity.wtf/

Date:

Mar 28, 2018